Mostly my stuff with a few easy patches from others. I know I have a few big series in my to-review queue, but I've been too jetlagged to try to tackle those :-( thanks -- PMM The following changes since commit a26a98dfb9d448d7234d931ae3720feddf6f0651: Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171006' into staging (2017-10-06 13:19:03 +0100) are available in the git repository at: git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171006 for you to fetch changes up to 04829ce334bece78d4fa1d0fdbc8bc27dae9b242: nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit (2017-10-06 16:46:49 +0100) ---------------------------------------------------------------- target-arm: * v8M: more preparatory work * nvic: reset properly rather than leaving the nvic in a weird state * xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false * sd: fix out-of-bounds check for multi block reads * arm: Fix SMC reporting to EL2 when QEMU provides PSCI ---------------------------------------------------------------- Jan Kiszka (1): arm: Fix SMC reporting to EL2 when QEMU provides PSCI Michael Olbrich (1): hw/sd: fix out-of-bounds check for multi block reads Peter Maydell (17): nvic: Clear the vector arrays and prigroup on reset target/arm: Don't switch to target stack early in v7M exception return target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode target/arm: Restore security state on exception return target/arm: Restore SPSEL to correct CONTROL register on exception return target/arm: Check for xPSR mismatch usage faults earlier for v8M target/arm: Warn about restoring to unaligned stack target/arm: Don't warn about exception return with PC low bit set for v8M target/arm: Add new-in-v8M SFSR and SFAR target/arm: Update excret sanity checks for v8M target/arm: Add support for restoring v8M additional state context target/arm: Add v8M support to exception entry code nvic: Implement Security Attribution Unit registers target/arm: Implement security attribute lookups for memory accesses target/arm: Fix calculation of secure mm_idx values target/arm: Factor out "get mmuidx for specified security state" nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit Thomas Huth (1): hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false target/arm/cpu.h | 60 ++++- target/arm/internals.h | 15 ++ hw/arm/xlnx-zynqmp.c | 2 + hw/intc/armv7m_nvic.c | 158 ++++++++++- hw/sd/sd.c | 12 +- target/arm/cpu.c | 27 ++ target/arm/helper.c | 691 +++++++++++++++++++++++++++++++++++++++++++------ target/arm/machine.c | 16 ++ target/arm/op_helper.c | 27 +- 9 files changed, 898 insertions(+), 110 deletions(-) From: Jan Kiszka <jan.kiszka@siemens.com> This properly forwards SMC events to EL2 when PSCI is provided by QEMU itself and, thus, ARM_FEATURE_EL3 is off. Found and tested with the Jailhouse hypervisor. Solution based on suggestions by Peter Maydell. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Message-id: 4f243068-aaea-776f-d18f-f9e05e7be9cd@siemens.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 9 ++++++++- target/arm/op_helper.c | 27 +++++++++++++++++---------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (arm_feature(env, ARM_FEATURE_EL3)) { valid_mask &= ~HCR_HCD; - } else { + } else if (cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) { + /* Architecturally HCR.TSC is RES0 if EL3 is not implemented. + * However, if we're using the SMC PSCI conduit then QEMU is + * effectively acting like EL3 firmware and so the guest at + * EL2 should retain the ability to prevent EL1 from being + * able to make SMC calls into the ersatz firmware, so in + * that case HCR.TSC should be read/write. + */ valid_mask &= ~HCR_TSC; } diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome) */ bool undef = arm_feature(env, ARM_FEATURE_AARCH64) ? smd : smd && !secure; - if (arm_is_psci_call(cpu, EXCP_SMC)) { - /* If PSCI is enabled and this looks like a valid PSCI call then - * that overrides the architecturally mandated SMC behaviour. + if (!arm_feature(env, ARM_FEATURE_EL3) && + cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) { + /* If we have no EL3 then SMC always UNDEFs and can't be + * trapped to EL2. PSCI-via-SMC is a sort of ersatz EL3 + * firmware within QEMU, and we want an EL2 guest to be able + * to forbid its EL1 from making PSCI calls into QEMU's + * "firmware" via HCR.TSC, so for these purposes treat + * PSCI-via-SMC as implying an EL3. */ - return; - } - - if (!arm_feature(env, ARM_FEATURE_EL3)) { - /* If we have no EL3 then SMC always UNDEFs */ undef = true; } else if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) { - /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. */ + /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. + * We also want an EL2 guest to be able to forbid its EL1 from + * making PSCI calls into QEMU's "firmware" via HCR.TSC. + */ raise_exception(env, EXCP_HYP_TRAP, syndrome, 2); } - if (undef) { + /* If PSCI is enabled and this looks like a valid PSCI call then + * suppress the UNDEF -- we'll catch the SMC exception and + * implement the PSCI call behaviour there. + */ + if (undef && !arm_is_psci_call(cpu, EXCP_SMC)) { raise_exception(env, EXCP_UDEF, syn_uncategorized(), exception_target_el(env)); } -- 2.7.4 From: Michael Olbrich <m.olbrich@pengutronix.de> The current code checks if the next block exceeds the size of the card. This generates an error while reading the last block of the card. Do the out-of-bounds check when starting to read a new block to fix this. This issue became visible with increased error checking in Linux 4.13. Cc: qemu-stable@nongnu.org Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 20170916091611.10241-1-m.olbrich@pengutronix.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/sd/sd.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -XXX,XX +XXX,XX @@ uint8_t sd_read_data(SDState *sd) break; case 18: /* CMD18: READ_MULTIPLE_BLOCK */ - if (sd->data_offset == 0) + if (sd->data_offset == 0) { + if (sd->data_start + io_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; + return 0x00; + } BLK_READ_BLOCK(sd->data_start, io_len); + } ret = sd->data[sd->data_offset ++]; if (sd->data_offset >= io_len) { @@ -XXX,XX +XXX,XX @@ uint8_t sd_read_data(SDState *sd) break; } } - - if (sd->data_start + io_len > sd->size) { - sd->card_status |= ADDRESS_ERROR; - break; - } } break; -- 2.7.4 From: Thomas Huth <thuth@redhat.com> The device uses serial_hds in its realize function and thus can't be used twice. Apart from that, the comma in its name makes it quite hard to use for the user anyway, since a comma is normally used to separate the device name from its properties when using the "-device" parameter or the "device_add" HMP command. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 1506441116-16627-1-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/xlnx-zynqmp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/xlnx-zynqmp.c +++ b/hw/arm/xlnx-zynqmp.c @@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_class_init(ObjectClass *oc, void *data) dc->props = xlnx_zynqmp_props; dc->realize = xlnx_zynqmp_realize; + /* Reason: Uses serial_hds in realize function, thus can't be used twice */ + dc->user_creatable = false; } static const TypeInfo xlnx_zynqmp_type_info = { -- 2.7.4 Reset for devices does not include an automatic clear of the device state (unlike CPU state, where most of the state structure is cleared to zero). Add some missing initialization of NVIC state that meant that the device was left in the wrong state if the guest did a warm reset. (In particular, since we were resetting the computed state like s->exception_prio but not all the state it was computed from like s->vectors[x].active, the NVIC wound up in an inconsistent state that could later trigger assertion failures.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1506092407-26985-2-git-send-email-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -XXX,XX +XXX,XX @@ static void armv7m_nvic_reset(DeviceState *dev) int resetprio; NVICState *s = NVIC(dev); + memset(s->vectors, 0, sizeof(s->vectors)); + memset(s->sec_vectors, 0, sizeof(s->sec_vectors)); + s->prigroup[M_REG_NS] = 0; + s->prigroup[M_REG_S] = 0; + s->vectors[ARMV7M_EXCP_NMI].enabled = 1; /* MEM, BUS, and USAGE are enabled through * the System Handler Control register -- 2.7.4 Currently our M profile exception return code switches to the target stack pointer relatively early in the process, before it tries to pop the exception frame off the stack. This is awkward for v8M for two reasons: * in v8M the process vs main stack pointer is not selected purely by the value of CONTROL.SPSEL, so updating SPSEL and relying on that to switch to the right stack pointer won't work * the stack we should be reading the stack frame from and the stack we will eventually switch to might not be the same if the guest is doing strange things Change our exception return code to use a 'frame pointer' to read the exception frame rather than assuming that we can switch the live stack pointer this early. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-3-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 130 +++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 98 insertions(+), 32 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void v7m_push(CPUARMState *env, uint32_t val) stl_phys(cs->as, env->regs[13], val); } -static uint32_t v7m_pop(CPUARMState *env) -{ - CPUState *cs = CPU(arm_env_get_cpu(env)); - uint32_t val; - - val = ldl_phys(cs->as, env->regs[13]); - env->regs[13] += 4; - return val; -} - /* Return true if we're using the process stack pointer (not the MSP) */ static bool v7m_using_psp(CPUARMState *env) { @@ -XXX,XX +XXX,XX @@ void HELPER(v7m_bxns)(CPUARMState *env, uint32_t dest) env->regs[15] = dest & ~1; } +static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode, + bool spsel) +{ + /* Return a pointer to the location where we currently store the + * stack pointer for the requested security state and thread mode. + * This pointer will become invalid if the CPU state is updated + * such that the stack pointers are switched around (eg changing + * the SPSEL control bit). + * Compare the v8M ARM ARM pseudocode LookUpSP_with_security_mode(). + * Unlike that pseudocode, we require the caller to pass us in the + * SPSEL control bit value; this is because we also use this + * function in handling of pushing of the callee-saves registers + * part of the v8M stack frame (pseudocode PushCalleeStack()), + * and in the tailchain codepath the SPSEL bit comes from the exception + * return magic LR value from the previous exception. The pseudocode + * opencodes the stack-selection in PushCalleeStack(), but we prefer + * to make this utility function generic enough to do the job. + */ + bool want_psp = threadmode && spsel; + + if (secure == env->v7m.secure) { + /* Currently switch_v7m_sp switches SP as it updates SPSEL, + * so the SP we want is always in regs[13]. + * When we decouple SPSEL from the actually selected SP + * we need to check want_psp against v7m_using_psp() + * to see whether we need regs[13] or v7m.other_sp. + */ + return &env->regs[13]; + } else { + if (want_psp) { + return &env->v7m.other_ss_psp; + } else { + return &env->v7m.other_ss_msp; + } + } +} + static uint32_t arm_v7m_load_vector(ARMCPU *cpu) { CPUState *cs = CPU(cpu); @@ -XXX,XX +XXX,XX @@ static void v7m_push_stack(ARMCPU *cpu) static void do_v7m_exception_exit(ARMCPU *cpu) { CPUARMState *env = &cpu->env; + CPUState *cs = CPU(cpu); uint32_t excret; uint32_t xpsr; bool ufault = false; @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) bool return_to_handler = false; bool rettobase = false; bool exc_secure = false; + bool return_to_secure; /* We can only get here from an EXCP_EXCEPTION_EXIT, and * gen_bx_excret() enforces the architectural rule @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } + return_to_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && + (excret & R_V7M_EXCRET_S_MASK); + switch (excret & 0xf) { case 1: /* Return to Handler */ return_to_handler = true; @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) return; } - /* Switch to the target stack. */ + /* Set CONTROL.SPSEL from excret.SPSEL. For QEMU this currently + * causes us to switch the active SP, but we will change this + * later to not do that so we can support v8M. + */ switch_v7m_sp(env, return_to_sp_process); - /* Pop registers. */ - env->regs[0] = v7m_pop(env); - env->regs[1] = v7m_pop(env); - env->regs[2] = v7m_pop(env); - env->regs[3] = v7m_pop(env); - env->regs[12] = v7m_pop(env); - env->regs[14] = v7m_pop(env); - env->regs[15] = v7m_pop(env); - if (env->regs[15] & 1) { - qemu_log_mask(LOG_GUEST_ERROR, - "M profile return from interrupt with misaligned " - "PC is UNPREDICTABLE\n"); - /* Actual hardware seems to ignore the lsbit, and there are several - * RTOSes out there which incorrectly assume the r15 in the stack - * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value. + + { + /* The stack pointer we should be reading the exception frame from + * depends on bits in the magic exception return type value (and + * for v8M isn't necessarily the stack pointer we will eventually + * end up resuming execution with). Get a pointer to the location + * in the CPU state struct where the SP we need is currently being + * stored; we will use and modify it in place. + * We use this limited C variable scope so we don't accidentally + * use 'frame_sp_p' after we do something that makes it invalid. + */ + uint32_t *frame_sp_p = get_v7m_sp_ptr(env, + return_to_secure, + !return_to_handler, + return_to_sp_process); + uint32_t frameptr = *frame_sp_p; + + /* Pop registers. TODO: make these accesses use the correct + * attributes and address space (S/NS, priv/unpriv) and handle + * memory transaction failures. */ - env->regs[15] &= ~1U; + env->regs[0] = ldl_phys(cs->as, frameptr); + env->regs[1] = ldl_phys(cs->as, frameptr + 0x4); + env->regs[2] = ldl_phys(cs->as, frameptr + 0x8); + env->regs[3] = ldl_phys(cs->as, frameptr + 0xc); + env->regs[12] = ldl_phys(cs->as, frameptr + 0x10); + env->regs[14] = ldl_phys(cs->as, frameptr + 0x14); + env->regs[15] = ldl_phys(cs->as, frameptr + 0x18); + if (env->regs[15] & 1) { + qemu_log_mask(LOG_GUEST_ERROR, + "M profile return from interrupt with misaligned " + "PC is UNPREDICTABLE\n"); + /* Actual hardware seems to ignore the lsbit, and there are several + * RTOSes out there which incorrectly assume the r15 in the stack + * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value. + */ + env->regs[15] &= ~1U; + } + xpsr = ldl_phys(cs->as, frameptr + 0x1c); + + /* Commit to consuming the stack frame */ + frameptr += 0x20; + /* Undo stack alignment (the SPREALIGN bit indicates that the original + * pre-exception SP was not 8-aligned and we added a padding word to + * align it, so we undo this by ORing in the bit that increases it + * from the current 8-aligned value to the 8-unaligned value. (Adding 4 + * would work too but a logical OR is how the pseudocode specifies it.) + */ + if (xpsr & XPSR_SPREALIGN) { + frameptr |= 4; + } + *frame_sp_p = frameptr; } - xpsr = v7m_pop(env); + /* This xpsr_write() will invalidate frame_sp_p as it may switch stack */ xpsr_write(env, xpsr, ~XPSR_SPREALIGN); - /* Undo stack alignment. */ - if (xpsr & XPSR_SPREALIGN) { - env->regs[13] |= 4; - } /* The restored xPSR exception field will be zero if we're * resuming in Thread mode. If that doesn't match what the -- 2.7.4 In the v7M architecture, there is an invariant that if the CPU is in Handler mode then the CONTROL.SPSEL bit cannot be nonzero. This in turn means that the current stack pointer is always indicated by CONTROL.SPSEL, even though Handler mode always uses the Main stack pointer. In v8M, this invariant is removed, and CONTROL.SPSEL may now be nonzero in Handler mode (though Handler mode still always uses the Main stack pointer). In preparation for this change, change how we handle this bit: rename switch_v7m_sp() to the now more accurate write_v7m_control_spsel(), and make it check both the handler mode state and the SPSEL bit. Note that this implicitly changes the point at which we switch active SP on exception exit from before we pop the exception frame to after it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-4-git-send-email-peter.maydell@linaro.org --- target/arm/cpu.h | 8 ++++++- hw/intc/armv7m_nvic.c | 2 +- target/arm/helper.c | 65 ++++++++++++++++++++++++++++++++++----------------- 3 files changed, 51 insertions(+), 24 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ void pmccntr_sync(CPUARMState *env); #define PSTATE_MODE_EL1t 4 #define PSTATE_MODE_EL0t 0 +/* Write a new value to v7m.exception, thus transitioning into or out + * of Handler mode; this may result in a change of active stack pointer. + */ +void write_v7m_exception(CPUARMState *env, uint32_t new_exc); + /* Map EL and handler into a PSTATE_MODE. */ static inline unsigned int aarch64_pstate_mode(unsigned int el, bool handler) { @@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) env->condexec_bits |= (val >> 8) & 0xfc; } if (mask & XPSR_EXCP) { - env->v7m.exception = val & XPSR_EXCP; + /* Note that this only happens on exception exit */ + write_v7m_exception(env, val & XPSR_EXCP); } } diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -XXX,XX +XXX,XX @@ bool armv7m_nvic_acknowledge_irq(void *opaque) vec->active = 1; vec->pending = 0; - env->v7m.exception = s->vectpending; + write_v7m_exception(env, s->vectpending); nvic_irq_update(s); diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static bool v7m_using_psp(CPUARMState *env) env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; } -/* Switch to V7M main or process stack pointer. */ -static void switch_v7m_sp(CPUARMState *env, bool new_spsel) +/* Write to v7M CONTROL.SPSEL bit. This may change the current + * stack pointer between Main and Process stack pointers. + */ +static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel) { uint32_t tmp; - uint32_t old_control = env->v7m.control[env->v7m.secure]; - bool old_spsel = old_control & R_V7M_CONTROL_SPSEL_MASK; + bool new_is_psp, old_is_psp = v7m_using_psp(env); + + env->v7m.control[env->v7m.secure] = + deposit32(env->v7m.control[env->v7m.secure], + R_V7M_CONTROL_SPSEL_SHIFT, + R_V7M_CONTROL_SPSEL_LENGTH, new_spsel); + + new_is_psp = v7m_using_psp(env); - if (old_spsel != new_spsel) { + if (old_is_psp != new_is_psp) { tmp = env->v7m.other_sp; env->v7m.other_sp = env->regs[13]; env->regs[13] = tmp; + } +} + +void write_v7m_exception(CPUARMState *env, uint32_t new_exc) +{ + /* Write a new value to v7m.exception, thus transitioning into or out + * of Handler mode; this may result in a change of active stack pointer. + */ + bool new_is_psp, old_is_psp = v7m_using_psp(env); + uint32_t tmp; - env->v7m.control[env->v7m.secure] = deposit32(old_control, - R_V7M_CONTROL_SPSEL_SHIFT, - R_V7M_CONTROL_SPSEL_LENGTH, new_spsel); + env->v7m.exception = new_exc; + + new_is_psp = v7m_using_psp(env); + + if (old_is_psp != new_is_psp) { + tmp = env->v7m.other_sp; + env->v7m.other_sp = env->regs[13]; + env->regs[13] = tmp; } } @@ -XXX,XX +XXX,XX @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode, bool want_psp = threadmode && spsel; if (secure == env->v7m.secure) { - /* Currently switch_v7m_sp switches SP as it updates SPSEL, - * so the SP we want is always in regs[13]. - * When we decouple SPSEL from the actually selected SP - * we need to check want_psp against v7m_using_psp() - * to see whether we need regs[13] or v7m.other_sp. - */ - return &env->regs[13]; + if (want_psp == v7m_using_psp(env)) { + return &env->regs[13]; + } else { + return &env->v7m.other_sp; + } } else { if (want_psp) { return &env->v7m.other_ss_psp; @@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) uint32_t addr; armv7m_nvic_acknowledge_irq(env->nvic); - switch_v7m_sp(env, 0); + write_v7m_control_spsel(env, 0); arm_clear_exclusive(env); /* Clear IT bits */ env->condexec_bits = 0; @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) return; } - /* Set CONTROL.SPSEL from excret.SPSEL. For QEMU this currently - * causes us to switch the active SP, but we will change this - * later to not do that so we can support v8M. + /* Set CONTROL.SPSEL from excret.SPSEL. Since we're still in + * Handler mode (and will be until we write the new XPSR.Interrupt + * field) this does not switch around the current stack pointer. */ - switch_v7m_sp(env, return_to_sp_process); + write_v7m_control_spsel(env, return_to_sp_process); { /* The stack pointer we should be reading the exception frame from @@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) case 20: /* CONTROL */ /* Writing to the SPSEL bit only has an effect if we are in * thread mode; other bits can be updated by any privileged code. - * switch_v7m_sp() deals with updating the SPSEL bit in + * write_v7m_control_spsel() deals with updating the SPSEL bit in * env->v7m.control, so we only need update the others. */ if (!arm_v7m_is_handler_mode(env)) { - switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0); + write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0); } env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK; env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK; -- 2.7.4 Now that we can handle the CONTROL.SPSEL bit not necessarily being in sync with the current stack pointer, we can restore the correct security state on exception return. This happens before we start to read registers off the stack frame, but after we have taken possible usage faults for bad exception return magic values and updated CONTROL.SPSEL. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-5-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ write_v7m_control_spsel(env, return_to_sp_process); + switch_v7m_security_state(env, return_to_secure); + { /* The stack pointer we should be reading the exception frame from * depends on bits in the magic exception return type value (and -- 2.7.4 On exception return for v8M, the SPSEL bit in the EXC_RETURN magic value should be restored to the SPSEL bit in the CONTROL register banked specified by the EXC_RETURN.ES bit. Add write_v7m_control_spsel_for_secstate() which behaves like write_v7m_control_spsel() but allows the caller to specify which CONTROL bank to use, reimplement write_v7m_control_spsel() in terms of it, and use it in exception return. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-6-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static bool v7m_using_psp(CPUARMState *env) env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK; } -/* Write to v7M CONTROL.SPSEL bit. This may change the current - * stack pointer between Main and Process stack pointers. +/* Write to v7M CONTROL.SPSEL bit for the specified security bank. + * This may change the current stack pointer between Main and Process + * stack pointers if it is done for the CONTROL register for the current + * security state. */ -static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel) +static void write_v7m_control_spsel_for_secstate(CPUARMState *env, + bool new_spsel, + bool secstate) { - uint32_t tmp; - bool new_is_psp, old_is_psp = v7m_using_psp(env); + bool old_is_psp = v7m_using_psp(env); - env->v7m.control[env->v7m.secure] = - deposit32(env->v7m.control[env->v7m.secure], + env->v7m.control[secstate] = + deposit32(env->v7m.control[secstate], R_V7M_CONTROL_SPSEL_SHIFT, R_V7M_CONTROL_SPSEL_LENGTH, new_spsel); - new_is_psp = v7m_using_psp(env); + if (secstate == env->v7m.secure) { + bool new_is_psp = v7m_using_psp(env); + uint32_t tmp; - if (old_is_psp != new_is_psp) { - tmp = env->v7m.other_sp; - env->v7m.other_sp = env->regs[13]; - env->regs[13] = tmp; + if (old_is_psp != new_is_psp) { + tmp = env->v7m.other_sp; + env->v7m.other_sp = env->regs[13]; + env->regs[13] = tmp; + } } } +/* Write to v7M CONTROL.SPSEL bit. This may change the current + * stack pointer between Main and Process stack pointers. + */ +static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel) +{ + write_v7m_control_spsel_for_secstate(env, new_spsel, env->v7m.secure); +} + void write_v7m_exception(CPUARMState *env, uint32_t new_exc) { /* Write a new value to v7m.exception, thus transitioning into or out @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) * Handler mode (and will be until we write the new XPSR.Interrupt * field) this does not switch around the current stack pointer. */ - write_v7m_control_spsel(env, return_to_sp_process); + write_v7m_control_spsel_for_secstate(env, return_to_sp_process, exc_secure); switch_v7m_security_state(env, return_to_secure); -- 2.7.4 ARM v8M specifies that the INVPC usage fault for mismatched xPSR exception field and handler mode bit should be checked before updating the PSR and SP, so that the fault is taken with the existing stack frame rather than by pushing a new one. Perform this check in the right place for v8M. Since v7M specifies in its pseudocode that this usage fault check should happen later, we have to retain the original code for that check rather than being able to merge the two. (The distinction is architecturally visible but only in very obscure corner cases like attempting an invalid exception return with an exception frame in read only memory.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-7-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) } xpsr = ldl_phys(cs->as, frameptr + 0x1c); + if (arm_feature(env, ARM_FEATURE_V8)) { + /* For v8M we have to check whether the xPSR exception field + * matches the EXCRET value for return to handler/thread + * before we commit to changing the SP and xPSR. + */ + bool will_be_handler = (xpsr & XPSR_EXCP) != 0; + if (return_to_handler != will_be_handler) { + /* Take an INVPC UsageFault on the current stack. + * By this point we will have switched to the security state + * for the background state, so this UsageFault will target + * that state. + */ + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, + env->v7m.secure); + env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " + "stackframe: failed exception return integrity " + "check\n"); + return; + } + } + /* Commit to consuming the stack frame */ frameptr += 0x20; /* Undo stack alignment (the SPREALIGN bit indicates that the original @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) /* The restored xPSR exception field will be zero if we're * resuming in Thread mode. If that doesn't match what the * exception return excret specified then this is a UsageFault. + * v7M requires we make this check here; v8M did it earlier. */ if (return_to_handler != arm_v7m_is_handler_mode(env)) { - /* Take an INVPC UsageFault by pushing the stack again. - * TODO: the v8M version of this code should target the - * background state for this exception. + /* Take an INVPC UsageFault by pushing the stack again; + * we know we're v7M so this is never a Secure UsageFault. */ + assert(!arm_feature(env, ARM_FEATURE_V8)); armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); -- 2.7.4 Attempting to do an exception return with an exception frame that is not 8-aligned is UNPREDICTABLE in v8M; warn about this. (It is not UNPREDICTABLE in v7M, and our implementation can handle the merely-4-aligned case fine, so we don't need to do anything except warn.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-8-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) return_to_sp_process); uint32_t frameptr = *frame_sp_p; + if (!QEMU_IS_ALIGNED(frameptr, 8) && + arm_feature(env, ARM_FEATURE_V8)) { + qemu_log_mask(LOG_GUEST_ERROR, + "M profile exception return with non-8-aligned SP " + "for destination state is UNPREDICTABLE\n"); + } + /* Pop registers. TODO: make these accesses use the correct * attributes and address space (S/NS, priv/unpriv) and handle * memory transaction failures. -- 2.7.4 In the v8M architecture, return from an exception to a PC which has bit 0 set is not UNPREDICTABLE; it is defined that bit 0 is discarded [R_HRJH]. Restrict our complaint about this to v7M. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-9-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) env->regs[12] = ldl_phys(cs->as, frameptr + 0x10); env->regs[14] = ldl_phys(cs->as, frameptr + 0x14); env->regs[15] = ldl_phys(cs->as, frameptr + 0x18); + + /* Returning from an exception with a PC with bit 0 set is defined + * behaviour on v8M (bit 0 is ignored), but for v7M it was specified + * to be UNPREDICTABLE. In practice actual v7M hardware seems to ignore + * the lsbit, and there are several RTOSes out there which incorrectly + * assume the r15 in the stack frame should be a Thumb-style "lsbit + * indicates ARM/Thumb" value, so ignore the bit on v7M as well, but + * complain about the badly behaved guest. + */ if (env->regs[15] & 1) { - qemu_log_mask(LOG_GUEST_ERROR, - "M profile return from interrupt with misaligned " - "PC is UNPREDICTABLE\n"); - /* Actual hardware seems to ignore the lsbit, and there are several - * RTOSes out there which incorrectly assume the r15 in the stack - * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value. - */ env->regs[15] &= ~1U; + if (!arm_feature(env, ARM_FEATURE_V8)) { + qemu_log_mask(LOG_GUEST_ERROR, + "M profile return from interrupt with misaligned " + "PC is UNPREDICTABLE on v7M\n"); + } } + xpsr = ldl_phys(cs->as, frameptr + 0x1c); if (arm_feature(env, ARM_FEATURE_V8)) { -- 2.7.4 Add the new M profile Secure Fault Status Register and Secure Fault Address Register. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-10-git-send-email-peter.maydell@linaro.org --- target/arm/cpu.h | 12 ++++++++++++ hw/intc/armv7m_nvic.c | 34 ++++++++++++++++++++++++++++++++++ target/arm/machine.c | 2 ++ 3 files changed, 48 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState { uint32_t cfsr[M_REG_NUM_BANKS]; /* Configurable Fault Status */ uint32_t hfsr; /* HardFault Status */ uint32_t dfsr; /* Debug Fault Status Register */ + uint32_t sfsr; /* Secure Fault Status Register */ uint32_t mmfar[M_REG_NUM_BANKS]; /* MemManage Fault Address */ uint32_t bfar; /* BusFault Address */ + uint32_t sfar; /* Secure Fault Address Register */ unsigned mpu_ctrl[M_REG_NUM_BANKS]; /* MPU_CTRL */ int exception; uint32_t primask[M_REG_NUM_BANKS]; @@ -XXX,XX +XXX,XX @@ FIELD(V7M_DFSR, DWTTRAP, 2, 1) FIELD(V7M_DFSR, VCATCH, 3, 1) FIELD(V7M_DFSR, EXTERNAL, 4, 1) +/* V7M SFSR bits */ +FIELD(V7M_SFSR, INVEP, 0, 1) +FIELD(V7M_SFSR, INVIS, 1, 1) +FIELD(V7M_SFSR, INVER, 2, 1) +FIELD(V7M_SFSR, AUVIOL, 3, 1) +FIELD(V7M_SFSR, INVTRAN, 4, 1) +FIELD(V7M_SFSR, LSPERR, 5, 1) +FIELD(V7M_SFSR, SFARVALID, 6, 1) +FIELD(V7M_SFSR, LSERR, 7, 1) + /* v7M MPU_CTRL bits */ FIELD(V7M_MPU_CTRL, ENABLE, 0, 1) FIELD(V7M_MPU_CTRL, HFNMIENA, 1, 1) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) goto bad_offset; } return cpu->env.pmsav8.mair1[attrs.secure]; + case 0xde4: /* SFSR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.v7m.sfsr; + case 0xde8: /* SFAR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.v7m.sfar; default: bad_offset: qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset); @@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, * only affect cacheability, and we don't implement caching. */ break; + case 0xde4: /* SFSR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + cpu->env.v7m.sfsr &= ~value; /* W1C */ + break; + case 0xde8: /* SFAR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + cpu->env.v7m.sfsr = value; + break; case 0xf00: /* Software Triggered Interrupt Register */ { int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ; diff --git a/target/arm/machine.c b/target/arm/machine.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/machine.c +++ b/target/arm/machine.c @@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_security = { VMSTATE_UINT32(env.v7m.ccr[M_REG_S], ARMCPU), VMSTATE_UINT32(env.v7m.mmfar[M_REG_S], ARMCPU), VMSTATE_UINT32(env.v7m.cfsr[M_REG_S], ARMCPU), + VMSTATE_UINT32(env.v7m.sfsr, ARMCPU), + VMSTATE_UINT32(env.v7m.sfar, ARMCPU), VMSTATE_END_OF_LIST() } }; -- 2.7.4 In v8M, more bits are defined in the exception-return magic values; update the code that checks these so we accept the v8M values when the CPU permits them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-11-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 73 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 58 insertions(+), 15 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) uint32_t excret; uint32_t xpsr; bool ufault = false; - bool return_to_sp_process = false; - bool return_to_handler = false; + bool sfault = false; + bool return_to_sp_process; + bool return_to_handler; bool rettobase = false; bool exc_secure = false; bool return_to_secure; @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) excret); } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + /* EXC_RETURN.ES validation check (R_SMFL). We must do this before + * we pick which FAULTMASK to clear. + */ + if (!env->v7m.secure && + ((excret & R_V7M_EXCRET_ES_MASK) || + !(excret & R_V7M_EXCRET_DCRS_MASK))) { + sfault = 1; + /* For all other purposes, treat ES as 0 (R_HXSR) */ + excret &= ~R_V7M_EXCRET_ES_MASK; + } + } + if (env->v7m.exception != ARMV7M_EXCP_NMI) { /* Auto-clear FAULTMASK on return from other than NMI. * If the security extension is implemented then this only @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) g_assert_not_reached(); } + return_to_handler = !(excret & R_V7M_EXCRET_MODE_MASK); + return_to_sp_process = excret & R_V7M_EXCRET_SPSEL_MASK; return_to_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && (excret & R_V7M_EXCRET_S_MASK); - switch (excret & 0xf) { - case 1: /* Return to Handler */ - return_to_handler = true; - break; - case 13: /* Return to Thread using Process stack */ - return_to_sp_process = true; - /* fall through */ - case 9: /* Return to Thread using Main stack */ - if (!rettobase && - !(env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_NONBASETHRDENA_MASK)) { + if (arm_feature(env, ARM_FEATURE_V8)) { + if (!arm_feature(env, ARM_FEATURE_M_SECURITY)) { + /* UNPREDICTABLE if S == 1 or DCRS == 0 or ES == 1 (R_XLCP); + * we choose to take the UsageFault. + */ + if ((excret & R_V7M_EXCRET_S_MASK) || + (excret & R_V7M_EXCRET_ES_MASK) || + !(excret & R_V7M_EXCRET_DCRS_MASK)) { + ufault = true; + } + } + if (excret & R_V7M_EXCRET_RES0_MASK) { ufault = true; } - break; - default: - ufault = true; + } else { + /* For v7M we only recognize certain combinations of the low bits */ + switch (excret & 0xf) { + case 1: /* Return to Handler */ + break; + case 13: /* Return to Thread using Process stack */ + case 9: /* Return to Thread using Main stack */ + /* We only need to check NONBASETHRDENA for v7M, because in + * v8M this bit does not exist (it is RES1). + */ + if (!rettobase && + !(env->v7m.ccr[env->v7m.secure] & + R_V7M_CCR_NONBASETHRDENA_MASK)) { + ufault = true; + } + break; + default: + ufault = true; + } + } + + if (sfault) { + env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " + "stackframe: failed EXC_RETURN.ES validity check\n"); + return; } if (ufault) { -- 2.7.4 For v8M, exceptions from Secure to Non-Secure state will save callee-saved registers to the exception frame as well as the caller-saved registers. Add support for unstacking these registers in exception exit when necessary. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-12-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) "for destination state is UNPREDICTABLE\n"); } + /* Do we need to pop callee-saved registers? */ + if (return_to_secure && + ((excret & R_V7M_EXCRET_ES_MASK) == 0 || + (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) { + uint32_t expected_sig = 0xfefa125b; + uint32_t actual_sig = ldl_phys(cs->as, frameptr); + + if (expected_sig != actual_sig) { + /* Take a SecureFault on the current stack */ + env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + v7m_exception_taken(cpu, excret); + qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " + "stackframe: failed exception return integrity " + "signature check\n"); + return; + } + + env->regs[4] = ldl_phys(cs->as, frameptr + 0x8); + env->regs[5] = ldl_phys(cs->as, frameptr + 0xc); + env->regs[6] = ldl_phys(cs->as, frameptr + 0x10); + env->regs[7] = ldl_phys(cs->as, frameptr + 0x14); + env->regs[8] = ldl_phys(cs->as, frameptr + 0x18); + env->regs[9] = ldl_phys(cs->as, frameptr + 0x1c); + env->regs[10] = ldl_phys(cs->as, frameptr + 0x20); + env->regs[11] = ldl_phys(cs->as, frameptr + 0x24); + + frameptr += 0x28; + } + /* Pop registers. TODO: make these accesses use the correct * attributes and address space (S/NS, priv/unpriv) and handle * memory transaction failures. -- 2.7.4 Add support for v8M and in particular the security extension to the exception entry code. This requires changes to: * calculation of the exception-return magic LR value * push the callee-saves registers in certain cases * clear registers when taking non-secure exceptions to avoid leaking information from the interrupted secure code * switch to the correct security state on entry * use the vector table for the security state we're targeting Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-13-git-send-email-peter.maydell@linaro.org --- target/arm/helper.c | 165 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 145 insertions(+), 20 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode, } } -static uint32_t arm_v7m_load_vector(ARMCPU *cpu) +static uint32_t arm_v7m_load_vector(ARMCPU *cpu, bool targets_secure) { CPUState *cs = CPU(cpu); CPUARMState *env = &cpu->env; MemTxResult result; - hwaddr vec = env->v7m.vecbase[env->v7m.secure] + env->v7m.exception * 4; + hwaddr vec = env->v7m.vecbase[targets_secure] + env->v7m.exception * 4; uint32_t addr; addr = address_space_ldl(cs->as, vec, @@ -XXX,XX +XXX,XX @@ static uint32_t arm_v7m_load_vector(ARMCPU *cpu) * Since we don't model Lockup, we just report this guest error * via cpu_abort(). */ - cpu_abort(cs, "Failed to read from exception vector table " - "entry %08x\n", (unsigned)vec); + cpu_abort(cs, "Failed to read from %s exception vector table " + "entry %08x\n", targets_secure ? "secure" : "nonsecure", + (unsigned)vec); } return addr; } -static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) +static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain) +{ + /* For v8M, push the callee-saves register part of the stack frame. + * Compare the v8M pseudocode PushCalleeStack(). + * In the tailchaining case this may not be the current stack. + */ + CPUARMState *env = &cpu->env; + CPUState *cs = CPU(cpu); + uint32_t *frame_sp_p; + uint32_t frameptr; + + if (dotailchain) { + frame_sp_p = get_v7m_sp_ptr(env, true, + lr & R_V7M_EXCRET_MODE_MASK, + lr & R_V7M_EXCRET_SPSEL_MASK); + } else { + frame_sp_p = &env->regs[13]; + } + + frameptr = *frame_sp_p - 0x28; + + stl_phys(cs->as, frameptr, 0xfefa125b); + stl_phys(cs->as, frameptr + 0x8, env->regs[4]); + stl_phys(cs->as, frameptr + 0xc, env->regs[5]); + stl_phys(cs->as, frameptr + 0x10, env->regs[6]); + stl_phys(cs->as, frameptr + 0x14, env->regs[7]); + stl_phys(cs->as, frameptr + 0x18, env->regs[8]); + stl_phys(cs->as, frameptr + 0x1c, env->regs[9]); + stl_phys(cs->as, frameptr + 0x20, env->regs[10]); + stl_phys(cs->as, frameptr + 0x24, env->regs[11]); + + *frame_sp_p = frameptr; +} + +static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain) { /* Do the "take the exception" parts of exception entry, * but not the pushing of state to the stack. This is @@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr) */ CPUARMState *env = &cpu->env; uint32_t addr; + bool targets_secure; + + targets_secure = armv7m_nvic_acknowledge_irq(env->nvic); - armv7m_nvic_acknowledge_irq(env->nvic); + if (arm_feature(env, ARM_FEATURE_V8)) { + if (arm_feature(env, ARM_FEATURE_M_SECURITY) && + (lr & R_V7M_EXCRET_S_MASK)) { + /* The background code (the owner of the registers in the + * exception frame) is Secure. This means it may either already + * have or now needs to push callee-saves registers. + */ + if (targets_secure) { + if (dotailchain && !(lr & R_V7M_EXCRET_ES_MASK)) { + /* We took an exception from Secure to NonSecure + * (which means the callee-saved registers got stacked) + * and are now tailchaining to a Secure exception. + * Clear DCRS so eventual return from this Secure + * exception unstacks the callee-saved registers. + */ + lr &= ~R_V7M_EXCRET_DCRS_MASK; + } + } else { + /* We're going to a non-secure exception; push the + * callee-saves registers to the stack now, if they're + * not already saved. + */ + if (lr & R_V7M_EXCRET_DCRS_MASK && + !(dotailchain && (lr & R_V7M_EXCRET_ES_MASK))) { + v7m_push_callee_stack(cpu, lr, dotailchain); + } + lr |= R_V7M_EXCRET_DCRS_MASK; + } + } + + lr &= ~R_V7M_EXCRET_ES_MASK; + if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) { + lr |= R_V7M_EXCRET_ES_MASK; + } + lr &= ~R_V7M_EXCRET_SPSEL_MASK; + if (env->v7m.control[targets_secure] & R_V7M_CONTROL_SPSEL_MASK) { + lr |= R_V7M_EXCRET_SPSEL_MASK; + } + + /* Clear registers if necessary to prevent non-secure exception + * code being able to see register values from secure code. + * Where register values become architecturally UNKNOWN we leave + * them with their previous values. + */ + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + if (!targets_secure) { + /* Always clear the caller-saved registers (they have been + * pushed to the stack earlier in v7m_push_stack()). + * Clear callee-saved registers if the background code is + * Secure (in which case these regs were saved in + * v7m_push_callee_stack()). + */ + int i; + + for (i = 0; i < 13; i++) { + /* r4..r11 are callee-saves, zero only if EXCRET.S == 1 */ + if (i < 4 || i > 11 || (lr & R_V7M_EXCRET_S_MASK)) { + env->regs[i] = 0; + } + } + /* Clear EAPSR */ + xpsr_write(env, 0, XPSR_NZCV | XPSR_Q | XPSR_GE | XPSR_IT); + } + } + } + + /* Switch to target security state -- must do this before writing SPSEL */ + switch_v7m_security_state(env, targets_secure); write_v7m_control_spsel(env, 0); arm_clear_exclusive(env); /* Clear IT bits */ env->condexec_bits = 0; env->regs[14] = lr; - addr = arm_v7m_load_vector(cpu); + addr = arm_v7m_load_vector(cpu, targets_secure); env->regs[15] = addr & 0xfffffffe; env->thumb = addr & 1; } @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) if (sfault) { env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " "stackframe: failed EXC_RETURN.ES validity check\n"); return; @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity check\n"); return; @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) /* Take a SecureFault on the current stack */ env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " "stackframe: failed exception return integrity " "signature check\n"); @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, true); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity " "check\n"); @@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); - v7m_exception_taken(cpu, excret); + v7m_exception_taken(cpu, excret, false); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: " "failed exception return integrity check\n"); return; @@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) return; /* Never happens. Keep compiler happy. */ } - lr = R_V7M_EXCRET_RES1_MASK | - R_V7M_EXCRET_S_MASK | - R_V7M_EXCRET_DCRS_MASK | - R_V7M_EXCRET_FTYPE_MASK | - R_V7M_EXCRET_ES_MASK; - if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) { - lr |= R_V7M_EXCRET_SPSEL_MASK; + if (arm_feature(env, ARM_FEATURE_V8)) { + lr = R_V7M_EXCRET_RES1_MASK | + R_V7M_EXCRET_DCRS_MASK | + R_V7M_EXCRET_FTYPE_MASK; + /* The S bit indicates whether we should return to Secure + * or NonSecure (ie our current state). + * The ES bit indicates whether we're taking this exception + * to Secure or NonSecure (ie our target state). We set it + * later, in v7m_exception_taken(). + * The SPSEL bit is also set in v7m_exception_taken() for v8M. + * This corresponds to the ARM ARM pseudocode for v8M setting + * some LR bits in PushStack() and some in ExceptionTaken(); + * the distinction matters for the tailchain cases where we + * can take an exception without pushing the stack. + */ + if (env->v7m.secure) { + lr |= R_V7M_EXCRET_S_MASK; + } + } else { + lr = R_V7M_EXCRET_RES1_MASK | + R_V7M_EXCRET_S_MASK | + R_V7M_EXCRET_DCRS_MASK | + R_V7M_EXCRET_FTYPE_MASK | + R_V7M_EXCRET_ES_MASK; + if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) { + lr |= R_V7M_EXCRET_SPSEL_MASK; + } } if (!arm_v7m_is_handler_mode(env)) { lr |= R_V7M_EXCRET_MODE_MASK; } v7m_push_stack(cpu); - v7m_exception_taken(cpu, lr); + v7m_exception_taken(cpu, lr, false); qemu_log_mask(CPU_LOG_INT, "... as %d\n", env->v7m.exception); } -- 2.7.4 Implement the register interface for the SAU: SAU_CTRL, SAU_TYPE, SAU_RNR, SAU_RBAR and SAU_RLAR. None of the actual behaviour is implemented here; registers just read back as written. When the CPU definition for Cortex-M33 is eventually added, its initfn will set cpu->sau_sregion, in the same way that we currently set cpu->pmsav7_dregion for the M3 and M4. Number of SAU regions is typically a configurable CPU parameter, but this patch doesn't provide a QEMU CPU property for it. We can easily add one when we have a board that requires it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-14-git-send-email-peter.maydell@linaro.org --- target/arm/cpu.h | 10 +++++ hw/intc/armv7m_nvic.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++ target/arm/cpu.c | 27 ++++++++++++ target/arm/machine.c | 14 ++++++ 4 files changed, 167 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState { uint32_t mair1[M_REG_NUM_BANKS]; } pmsav8; + /* v8M SAU */ + struct { + uint32_t *rbar; + uint32_t *rlar; + uint32_t rnr; + uint32_t ctrl; + } sau; + void *nvic; const struct arm_boot_info *boot_info; /* Store GICv3CPUState to access from this struct */ @@ -XXX,XX +XXX,XX @@ struct ARMCPU { bool has_mpu; /* PMSAv7 MPU number of supported regions */ uint32_t pmsav7_dregion; + /* v8M SAU number of supported regions */ + uint32_t sau_sregion; /* PSCI conduit used to invoke PSCI methods * 0 - disabled, 1 - smc, 2 - hvc diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) goto bad_offset; } return cpu->env.pmsav8.mair1[attrs.secure]; + case 0xdd0: /* SAU_CTRL */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.sau.ctrl; + case 0xdd4: /* SAU_TYPE */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->sau_sregion; + case 0xdd8: /* SAU_RNR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + return cpu->env.sau.rnr; + case 0xddc: /* SAU_RBAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + if (region >= cpu->sau_sregion) { + return 0; + } + return cpu->env.sau.rbar[region]; + } + case 0xde0: /* SAU_RLAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + if (region >= cpu->sau_sregion) { + return 0; + } + return cpu->env.sau.rlar[region]; + } case 0xde4: /* SFSR */ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { goto bad_offset; @@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, * only affect cacheability, and we don't implement caching. */ break; + case 0xdd0: /* SAU_CTRL */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + cpu->env.sau.ctrl = value & 3; + case 0xdd4: /* SAU_TYPE */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + break; + case 0xdd8: /* SAU_RNR */ + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + if (value >= cpu->sau_sregion) { + qemu_log_mask(LOG_GUEST_ERROR, "SAU region out of range %" + PRIu32 "/%" PRIu32 "\n", + value, cpu->sau_sregion); + } else { + cpu->env.sau.rnr = value; + } + break; + case 0xddc: /* SAU_RBAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + if (region >= cpu->sau_sregion) { + return; + } + cpu->env.sau.rbar[region] = value & ~0x1f; + tlb_flush(CPU(cpu)); + break; + } + case 0xde0: /* SAU_RLAR */ + { + int region = cpu->env.sau.rnr; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return; + } + if (region >= cpu->sau_sregion) { + return; + } + cpu->env.sau.rlar[region] = value & ~0x1c; + tlb_flush(CPU(cpu)); + break; + } case 0xde4: /* SFSR */ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { goto bad_offset; diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s) env->pmsav8.mair1[M_REG_S] = 0; } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + if (cpu->sau_sregion > 0) { + memset(env->sau.rbar, 0, sizeof(*env->sau.rbar) * cpu->sau_sregion); + memset(env->sau.rlar, 0, sizeof(*env->sau.rlar) * cpu->sau_sregion); + } + env->sau.rnr = 0; + /* SAU_CTRL reset value is IMPDEF; we choose 0, which is what + * the Cortex-M33 does. + */ + env->sau.ctrl = 0; + } + set_flush_to_zero(1, &env->vfp.standard_fp_status); set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status); set_default_nan_mode(1, &env->vfp.standard_fp_status); @@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) } } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + uint32_t nr = cpu->sau_sregion; + + if (nr > 0xff) { + error_setg(errp, "v8M SAU #regions invalid %" PRIu32, nr); + return; + } + + if (nr) { + env->sau.rbar = g_new0(uint32_t, nr); + env->sau.rlar = g_new0(uint32_t, nr); + } + } + if (arm_feature(env, ARM_FEATURE_EL3)) { set_feature(env, ARM_FEATURE_VBAR); } @@ -XXX,XX +XXX,XX @@ static void cortex_m4_initfn(Object *obj) cpu->midr = 0x410fc240; /* r0p0 */ cpu->pmsav7_dregion = 8; } + static void arm_v7m_class_init(ObjectClass *oc, void *data) { CPUClass *cc = CPU_CLASS(oc); diff --git a/target/arm/machine.c b/target/arm/machine.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/machine.c +++ b/target/arm/machine.c @@ -XXX,XX +XXX,XX @@ static bool s_rnr_vmstate_validate(void *opaque, int version_id) return cpu->env.pmsav7.rnr[M_REG_S] < cpu->pmsav7_dregion; } +static bool sau_rnr_vmstate_validate(void *opaque, int version_id) +{ + ARMCPU *cpu = opaque; + + return cpu->env.sau.rnr < cpu->sau_sregion; +} + static bool m_security_needed(void *opaque) { ARMCPU *cpu = opaque; @@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_security = { VMSTATE_UINT32(env.v7m.cfsr[M_REG_S], ARMCPU), VMSTATE_UINT32(env.v7m.sfsr, ARMCPU), VMSTATE_UINT32(env.v7m.sfar, ARMCPU), + VMSTATE_VARRAY_UINT32(env.sau.rbar, ARMCPU, sau_sregion, 0, + vmstate_info_uint32, uint32_t), + VMSTATE_VARRAY_UINT32(env.sau.rlar, ARMCPU, sau_sregion, 0, + vmstate_info_uint32, uint32_t), + VMSTATE_UINT32(env.sau.rnr, ARMCPU), + VMSTATE_VALIDATE("SAU_RNR is valid", sau_rnr_vmstate_validate), + VMSTATE_UINT32(env.sau.ctrl, ARMCPU), VMSTATE_END_OF_LIST() } }; -- 2.7.4 Implement the security attribute lookups for memory accesses in the get_phys_addr() functions, causing these to generate various kinds of SecureFault for bad accesses. The major subtlety in this code relates to handling of the case when the security attributes the SAU assigns to the address don't match the current security state of the CPU. In the ARM ARM pseudocode for validating instruction accesses, the security attributes of the address determine whether the Secure or NonSecure MPU state is used. At face value, handling this would require us to encode the relevant bits of state into mmu_idx for both S and NS at once, which would result in our needing 16 mmu indexes. Fortunately we don't actually need to do this because a mismatch between address attributes and CPU state means either: * some kind of fault (usually a SecureFault, but in theory perhaps a UserFault for unaligned access to Device memory) * execution of the SG instruction in NS state from a Secure & NonSecure code region The purpose of SG is simply to flip the CPU into Secure state, so we can handle it by emulating execution of that instruction directly in arm_v7m_cpu_do_interrupt(), which means we can treat all the mismatch cases as "throw an exception" and we don't need to encode the state of the other MPU bank into our mmu_idx values. This commit doesn't include the actual emulation of SG; it also doesn't include implementation of the IDAU, which is a per-board way to specify hard-coded memory attributes for addresses, which override the CPU-internal SAU if they specify a more secure setting than the SAU is programmed to. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-15-git-send-email-peter.maydell@linaro.org --- target/arm/internals.h | 15 ++++ target/arm/helper.c | 182 ++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 195 insertions(+), 2 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -XXX,XX +XXX,XX @@ FIELD(V7M_EXCRET, DCRS, 5, 1) FIELD(V7M_EXCRET, S, 6, 1) FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */ +/* We use a few fake FSR values for internal purposes in M profile. + * M profile cores don't have A/R format FSRs, but currently our + * get_phys_addr() code assumes A/R profile and reports failures via + * an A/R format FSR value. We then translate that into the proper + * M profile exception and FSR status bit in arm_v7m_cpu_do_interrupt(). + * Mostly the FSR values we use for this are those defined for v7PMSA, + * since we share some of that codepath. A few kinds of fault are + * only for M profile and have no A/R equivalent, though, so we have + * to pick a value from the reserved range (which we never otherwise + * generate) to use for these. + * These values will never be visible to the guest. + */ +#define M_FAKE_FSR_NSC_EXEC 0xf /* NS executing in S&NSC memory */ +#define M_FAKE_FSR_SFAULT 0xe /* SecureFault INVTRAN, INVEP or AUVIOL */ + /* * For AArch64, map a given EL to an index in the banked_spsr array. * Note that this mapping and the AArch32 mapping defined in bank_number() diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, target_ulong *page_size_ptr, uint32_t *fsr, ARMMMUFaultInfo *fi); +/* Security attributes for an address, as returned by v8m_security_lookup. */ +typedef struct V8M_SAttributes { + bool ns; + bool nsc; + uint8_t sregion; + bool srvalid; + uint8_t iregion; + bool irvalid; +} V8M_SAttributes; + /* Definitions for the PMCCNTR and PMCR registers */ #define PMCRD 0x8 #define PMCRC 0x4 @@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) * raises the fault, in the A profile short-descriptor format. */ switch (env->exception.fsr & 0xf) { + case M_FAKE_FSR_NSC_EXEC: + /* Exception generated when we try to execute code at an address + * which is marked as Secure & Non-Secure Callable and the CPU + * is in the Non-Secure state. The only instruction which can + * be executed like this is SG (and that only if both halves of + * the SG instruction have the same security attributes.) + * Everything else must generate an INVEP SecureFault, so we + * emulate the SG instruction here. + * TODO: actually emulate SG. + */ + env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK; + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.INVEP\n"); + break; + case M_FAKE_FSR_SFAULT: + /* Various flavours of SecureFault for attempts to execute or + * access data in the wrong security state. + */ + switch (cs->exception_index) { + case EXCP_PREFETCH_ABORT: + if (env->v7m.secure) { + env->v7m.sfsr |= R_V7M_SFSR_INVTRAN_MASK; + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.INVTRAN\n"); + } else { + env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK; + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.INVEP\n"); + } + break; + case EXCP_DATA_ABORT: + /* This must be an NS access to S memory */ + env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK; + qemu_log_mask(CPU_LOG_INT, + "...really SecureFault with SFSR.AUVIOL\n"); + break; + } + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); + break; case 0x8: /* External Abort */ switch (cs->exception_index) { case EXCP_PREFETCH_ABORT: @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, return !(*prot & (1 << access_type)); } +static bool v8m_is_sau_exempt(CPUARMState *env, + uint32_t address, MMUAccessType access_type) +{ + /* The architecture specifies that certain address ranges are + * exempt from v8M SAU/IDAU checks. + */ + return + (access_type == MMU_INST_FETCH && m_is_system_region(env, address)) || + (address >= 0xe0000000 && address <= 0xe0002fff) || + (address >= 0xe000e000 && address <= 0xe000efff) || + (address >= 0xe002e000 && address <= 0xe002efff) || + (address >= 0xe0040000 && address <= 0xe0041fff) || + (address >= 0xe00ff000 && address <= 0xe00fffff); +} + +static void v8m_security_lookup(CPUARMState *env, uint32_t address, + MMUAccessType access_type, ARMMMUIdx mmu_idx, + V8M_SAttributes *sattrs) +{ + /* Look up the security attributes for this address. Compare the + * pseudocode SecurityCheck() function. + * We assume the caller has zero-initialized *sattrs. + */ + ARMCPU *cpu = arm_env_get_cpu(env); + int r; + + /* TODO: implement IDAU */ + + if (access_type == MMU_INST_FETCH && extract32(address, 28, 4) == 0xf) { + /* 0xf0000000..0xffffffff is always S for insn fetches */ + return; + } + + if (v8m_is_sau_exempt(env, address, access_type)) { + sattrs->ns = !regime_is_secure(env, mmu_idx); + return; + } + + switch (env->sau.ctrl & 3) { + case 0: /* SAU.ENABLE == 0, SAU.ALLNS == 0 */ + break; + case 2: /* SAU.ENABLE == 0, SAU.ALLNS == 1 */ + sattrs->ns = true; + break; + default: /* SAU.ENABLE == 1 */ + for (r = 0; r < cpu->sau_sregion; r++) { + if (env->sau.rlar[r] & 1) { + uint32_t base = env->sau.rbar[r] & ~0x1f; + uint32_t limit = env->sau.rlar[r] | 0x1f; + + if (base <= address && limit >= address) { + if (sattrs->srvalid) { + /* If we hit in more than one region then we must report + * as Secure, not NS-Callable, with no valid region + * number info. + */ + sattrs->ns = false; + sattrs->nsc = false; + sattrs->sregion = 0; + sattrs->srvalid = false; + break; + } else { + if (env->sau.rlar[r] & 2) { + sattrs->nsc = true; + } else { + sattrs->ns = true; + } + sattrs->srvalid = true; + sattrs->sregion = r; + } + } + } + } + + /* TODO when we support the IDAU then it may override the result here */ + break; + } +} + static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address, MMUAccessType access_type, ARMMMUIdx mmu_idx, - hwaddr *phys_ptr, int *prot, uint32_t *fsr) + hwaddr *phys_ptr, MemTxAttrs *txattrs, + int *prot, uint32_t *fsr) { ARMCPU *cpu = arm_env_get_cpu(env); bool is_user = regime_is_user(env, mmu_idx); @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address, int n; int matchregion = -1; bool hit = false; + V8M_SAttributes sattrs = {}; *phys_ptr = address; *prot = 0; + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs); + if (access_type == MMU_INST_FETCH) { + /* Instruction fetches always use the MMU bank and the + * transaction attribute determined by the fetch address, + * regardless of CPU state. This is painful for QEMU + * to handle, because it would mean we need to encode + * into the mmu_idx not just the (user, negpri) information + * for the current security state but also that for the + * other security state, which would balloon the number + * of mmu_idx values needed alarmingly. + * Fortunately we can avoid this because it's not actually + * possible to arbitrarily execute code from memory with + * the wrong security attribute: it will always generate + * an exception of some kind or another, apart from the + * special case of an NS CPU executing an SG instruction + * in S&NSC memory. So we always just fail the translation + * here and sort things out in the exception handler + * (including possibly emulating an SG instruction). + */ + if (sattrs.ns != !secure) { + *fsr = sattrs.nsc ? M_FAKE_FSR_NSC_EXEC : M_FAKE_FSR_SFAULT; + return true; + } + } else { + /* For data accesses we always use the MMU bank indicated + * by the current CPU state, but the security attributes + * might downgrade a secure access to nonsecure. + */ + if (sattrs.ns) { + txattrs->secure = false; + } else if (!secure) { + /* NS access to S memory must fault. + * Architecturally we should first check whether the + * MPU information for this address indicates that we + * are doing an unaligned access to Device memory, which + * should generate a UsageFault instead. QEMU does not + * currently check for that kind of unaligned access though. + * If we added it we would need to do so as a special case + * for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt(). + */ + *fsr = M_FAKE_FSR_SFAULT; + return true; + } + } + } + /* Unlike the ARM ARM pseudocode, we don't need to check whether this * was an exception vector read from the vector table (which is always * done using the default system address map), because those accesses @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, if (arm_feature(env, ARM_FEATURE_V8)) { /* PMSAv8 */ ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx, - phys_ptr, prot, fsr); + phys_ptr, attrs, prot, fsr); } else if (arm_feature(env, ARM_FEATURE_V7)) { /* PMSAv7 */ ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx, -- 2.7.4 In cpu_mmu_index() we try to do this: if (env->v7m.secure) { mmu_idx += ARMMMUIdx_MSUser; } but it will give the wrong answer, because ARMMMUIdx_MSUser includes the 0x40 ARM_MMU_IDX_M field, and so does the mmu_idx we're adding to, and we'll end up with 0x8n rather than 0x4n. This error is then nullified by the call to arm_to_core_mmu_idx() which masks out the high part, but we're about to factor out the code that calculates the ARMMMUIdx values so it can be used without passing it through arm_to_core_mmu_idx(), so fix this bug first. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-16-git-send-email-peter.maydell@linaro.org --- target/arm/cpu.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) int el = arm_current_el(env); if (arm_feature(env, ARM_FEATURE_M)) { - ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv; + ARMMMUIdx mmu_idx; - if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { - mmu_idx = ARMMMUIdx_MNegPri; + if (el == 0) { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; + } else { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; } - if (env->v7m.secure) { - mmu_idx += ARMMMUIdx_MSUser; + if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { + mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; } return arm_to_core_mmu_idx(mmu_idx); -- 2.7.4 For the SG instruction and secure function return we are going to want to do memory accesses using the MMU index of the CPU in secure state, even though the CPU is currently in non-secure state. Write arm_v7m_mmu_idx_for_secstate() to do this job, and use it in cpu_mmu_index(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-17-git-send-email-peter.maydell@linaro.org --- target/arm/cpu.h | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx) } } +/* Return the MMU index for a v7M CPU in the specified security state */ +static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, + bool secstate) +{ + int el = arm_current_el(env); + ARMMMUIdx mmu_idx; + + if (el == 0) { + mmu_idx = secstate ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; + } else { + mmu_idx = secstate ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; + } + + if (armv7m_nvic_neg_prio_requested(env->nvic, secstate)) { + mmu_idx = secstate ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; + } + + return mmu_idx; +} + /* Determine the current mmu_idx to use for normal loads/stores */ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) { int el = arm_current_el(env); if (arm_feature(env, ARM_FEATURE_M)) { - ARMMMUIdx mmu_idx; - - if (el == 0) { - mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser; - } else { - mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv; - } - - if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { - mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri; - } + ARMMMUIdx mmu_idx = arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure); return arm_to_core_mmu_idx(mmu_idx); } -- 2.7.4 When we added support for the new SHCSR bits in v8M in commit 437d59c17e9 the code to support writing to the new HARDFAULTPENDED bit was accidentally only added for non-secure writes; the secure banked version of the bit should also be writable. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-21-git-send-email-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, s->sec_vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0; s->sec_vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0; + s->sec_vectors[ARMV7M_EXCP_HARD].pending = (value & (1 << 21)) != 0; /* SecureFault not banked, but RAZ/WI to NS */ s->vectors[ARMV7M_EXCP_SECURE].active = (value & (1 << 4)) != 0; s->vectors[ARMV7M_EXCP_SECURE].enabled = (value & (1 << 19)) != 0; -- 2.7.4 The following changes since commit e670f6d825d4dee248b311197fd4048469d6772b: Merge remote-tracking branch 'remotes/legoater/tags/pull-ppc-20220218' into staging (2022-02-20 15:05:41 +0000) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220221 for you to fetch changes up to d6333e2543fa41aed4d33f77c808168373e39bff: ui/cocoa: Fix the leak of qemu_console_get_label (2022-02-21 09:12:18 +0000) ---------------------------------------------------------------- arm, cocoa and misc: * MAINTAINERS file updates * Mark remaining global TypeInfo instances as const * checkpatch: Ensure that TypeInfos are const * tests/qtest: add qtests for npcm7xx sdhci * arm hvf: Handle unknown ID registers as RES0 * Make KVM -cpu max exactly like -cpu host * Fix '-cpu max' for HVF * Support PAuth extension for hvf * Kconfig: Add I2C_DEVICES device group * Kconfig: Add 'imply I2C_DEVICES' on boards with available i2c bus * hw/arm/armv7m: Handle disconnected clock inputs * osdep.h: pull out various things into new header files * hw/timer: fix a9gtimer vmstate * hw/arm: add initial mori-bmc board * ui/cocoa: Remove allowedFileTypes restriction in SavePanel * ui/cocoa: Do not alert even without block devices * ui/cocoa: Fix the leak of qemu_console_get_label ---------------------------------------------------------------- Akihiko Odaki (3): MAINTAINERS: Add Akihiko Odaki to macOS-relateds ui/cocoa: Do not alert even without block devices ui/cocoa: Fix the leak of qemu_console_get_label Alexander Graf (2): hvf: arm: Use macros for sysreg shift/masking hvf: arm: Handle unknown ID registers as RES0 Ani Sinha (1): MAINTAINERS: Adding myself as a reviewer of some components Bernhard Beschow (2): Mark remaining global TypeInfo instances as const checkpatch: Ensure that TypeInfos are const Patrick Venture (1): hw/arm: add initial mori-bmc board Pavel Dovgalyuk (1): hw/timer: fix a9gtimer vmstate Peter Maydell (14): target/arm: Move '-cpu host' code to cpu64.c target/arm: Use aarch64_cpu_register() for 'host' CPU type target/arm: Make KVM -cpu max exactly like -cpu host target/arm: Unindent unnecessary else-clause target/arm: Fix '-cpu max' for HVF target/arm: Support PAuth extension for hvf Kconfig: Add I2C_DEVICES device group Kconfig: Add 'imply I2C_DEVICES' on boards with available i2c bus hw/arm/armv7m: Handle disconnected clock inputs include: Move qemu_madvise() and related #defines to new qemu/madvise.h include: Move qemu_mprotect_*() to new qemu/mprotect.h include: Move QEMU_MAP_* constants to mmap-alloc.h include: Move qemu_[id]cache_* declarations to new qemu/cacheinfo.h include: Move hardware version declarations to new qemu/hw-version.h Philippe Mathieu-Daudé (1): ui/cocoa: Remove allowedFileTypes restriction in SavePanel Shengtan Mao (1): tests/qtest: add qtests for npcm7xx sdhci docs/devel/kconfig.rst | 8 +- docs/system/arm/nuvoton.rst | 1 + include/qemu/cacheinfo.h | 21 +++ include/qemu/hw-version.h | 27 ++++ include/qemu/madvise.h | 95 +++++++++++ include/qemu/mmap-alloc.h | 23 +++ include/qemu/mprotect.h | 14 ++ include/qemu/osdep.h | 132 ---------------- accel/tcg/translate-all.c | 1 + backends/hostmem-file.c | 1 + backends/hostmem.c | 1 + hw/arm/armv7m.c | 26 ++- hw/arm/npcm7xx_boards.c | 32 ++++ hw/arm/nseries.c | 1 + hw/core/generic-loader.c | 2 +- hw/core/guest-loader.c | 2 +- hw/display/bcm2835_fb.c | 2 +- hw/display/i2c-ddc.c | 2 +- hw/display/macfb.c | 4 +- hw/display/virtio-vga.c | 2 +- hw/dma/bcm2835_dma.c | 2 +- hw/i386/pc_piix.c | 2 +- hw/i386/sgx-epc.c | 2 +- hw/ide/core.c | 1 + hw/intc/bcm2835_ic.c | 2 +- hw/intc/bcm2836_control.c | 2 +- hw/ipmi/ipmi.c | 4 +- hw/mem/nvdimm.c | 2 +- hw/mem/pc-dimm.c | 2 +- hw/misc/bcm2835_mbox.c | 2 +- hw/misc/bcm2835_powermgt.c | 2 +- hw/misc/bcm2835_property.c | 2 +- hw/misc/bcm2835_rng.c | 2 +- hw/misc/pvpanic-isa.c | 2 +- hw/misc/pvpanic-pci.c | 2 +- hw/net/fsl_etsec/etsec.c | 2 +- hw/ppc/prep_systemio.c | 2 +- hw/ppc/spapr_iommu.c | 2 +- hw/s390x/s390-pci-bus.c | 2 +- hw/s390x/sclp.c | 2 +- hw/s390x/tod-kvm.c | 2 +- hw/s390x/tod-tcg.c | 2 +- hw/s390x/tod.c | 2 +- hw/scsi/lsi53c895a.c | 2 +- hw/scsi/megasas.c | 1 + hw/scsi/scsi-bus.c | 1 + hw/scsi/scsi-disk.c | 1 + hw/sd/allwinner-sdhost.c | 2 +- hw/sd/aspeed_sdhci.c | 2 +- hw/sd/bcm2835_sdhost.c | 2 +- hw/sd/cadence_sdhci.c | 2 +- hw/sd/npcm7xx_sdhci.c | 2 +- hw/timer/a9gtimer.c | 21 +++ hw/usb/dev-mtp.c | 2 +- hw/usb/host-libusb.c | 2 +- hw/vfio/igd.c | 2 +- hw/virtio/virtio-balloon.c | 1 + hw/virtio/virtio-pmem.c | 2 +- migration/postcopy-ram.c | 1 + migration/qemu-file.c | 1 + migration/ram.c | 1 + plugins/loader.c | 1 + qom/object.c | 4 +- softmmu/physmem.c | 1 + softmmu/vl.c | 1 + target/arm/cpu.c | 30 ---- target/arm/cpu64.c | 331 +++++++++++++++++++++------------------ target/arm/hvf/hvf.c | 83 +++++++--- target/i386/cpu.c | 1 + target/s390x/cpu_models.c | 1 + tcg/region.c | 3 + tcg/tcg.c | 1 + tests/qtest/npcm7xx_sdhci-test.c | 215 +++++++++++++++++++++++++ util/atomic64.c | 1 + util/cacheflush.c | 1 + util/cacheinfo.c | 1 + util/osdep.c | 3 + util/oslib-posix.c | 1 + MAINTAINERS | 5 + hw/arm/Kconfig | 10 ++ hw/i2c/Kconfig | 5 + hw/rtc/Kconfig | 2 + hw/sensor/Kconfig | 5 + scripts/checkpatch.pl | 1 + tests/qtest/meson.build | 1 + ui/cocoa.m | 15 +- 86 files changed, 822 insertions(+), 393 deletions(-) create mode 100644 include/qemu/cacheinfo.h create mode 100644 include/qemu/hw-version.h create mode 100644 include/qemu/madvise.h create mode 100644 include/qemu/mprotect.h create mode 100644 tests/qtest/npcm7xx_sdhci-test.c From: Ani Sinha <ani@anisinha.ca> Added myself as a reviewer of vmgenid, unimplemented device and empty slot. Signed-off-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220131122001.1476101-1-ani@anisinha.ca Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- MAINTAINERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index XXXXXXX..XXXXXXX 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -XXX,XX +XXX,XX @@ F: tests/qtest/prom-env-test.c VM Generation ID S: Orphan +R: Ani Sinha <ani@anisinha.ca> F: hw/acpi/vmgenid.c F: include/hw/acpi/vmgenid.h F: docs/specs/vmgenid.txt @@ -XXX,XX +XXX,XX @@ F: hw/misc/led.c Unimplemented device M: Peter Maydell <peter.maydell@linaro.org> R: Philippe Mathieu-Daudé <f4bug@amsat.org> +R: Ani Sinha <ani@anisinha.ca> S: Maintained F: include/hw/misc/unimp.h F: hw/misc/unimp.c @@ -XXX,XX +XXX,XX @@ F: hw/misc/unimp.c Empty slot M: Artyom Tarasenko <atar4qemu@gmail.com> R: Philippe Mathieu-Daudé <f4bug@amsat.org> +R: Ani Sinha <ani@anisinha.ca> S: Maintained F: include/hw/misc/empty_slot.h F: hw/misc/empty_slot.c -- 2.25.1 From: Shengtan Mao <stmao@google.com> Reviewed-by: Hao Wu <wuhaotsh@google.com> Reviewed-by: Chris Rauer <crauer@google.com> Signed-off-by: Shengtan Mao <stmao@google.com> Signed-off-by: Patrick Venture <venture@google.com> Message-id: 20220208181843.4003568-1-venture@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/qtest/npcm7xx_sdhci-test.c | 215 +++++++++++++++++++++++++++++++ tests/qtest/meson.build | 1 + 2 files changed, 216 insertions(+) create mode 100644 tests/qtest/npcm7xx_sdhci-test.c diff --git a/tests/qtest/npcm7xx_sdhci-test.c b/tests/qtest/npcm7xx_sdhci-test.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/tests/qtest/npcm7xx_sdhci-test.c @@ -XXX,XX +XXX,XX @@ +/* + * QTests for NPCM7xx SD-3.0 / MMC-4.51 Host Controller + * + * Copyright (c) 2022 Google LLC + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "qemu/osdep.h" +#include "hw/sd/npcm7xx_sdhci.h" + +#include "libqos/libqtest.h" +#include "libqtest-single.h" +#include "libqos/sdhci-cmd.h" + +#define NPCM7XX_REG_SIZE 0x100 +#define NPCM7XX_MMC_BA 0xF0842000 +#define NPCM7XX_BLK_SIZE 512 +#define NPCM7XX_TEST_IMAGE_SIZE (1 << 30) + +char *sd_path; + +static QTestState *setup_sd_card(void) +{ + QTestState *qts = qtest_initf( + "-machine kudo-bmc " + "-device sd-card,drive=drive0 " + "-drive id=drive0,if=none,file=%s,format=raw,auto-read-only=off", + sd_path); + + qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_SWRST, SDHC_RESET_ALL); + qtest_writew(qts, NPCM7XX_MMC_BA + SDHC_CLKCON, + SDHC_CLOCK_SDCLK_EN | SDHC_CLOCK_INT_STABLE | + SDHC_CLOCK_INT_EN); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_APP_CMD); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x41200000, 0, (41 << 8)); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_ALL_SEND_CID); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0, 0, SDHC_SEND_RELATIVE_ADDR); + sdhci_cmd_regs(qts, NPCM7XX_MMC_BA, 0, 0, 0x45670000, 0, + SDHC_SELECT_DESELECT_CARD); + + return qts; +} + +static void write_sdread(QTestState *qts, const char *msg) +{ + int fd, ret; + size_t len = strlen(msg); + char *rmsg = g_malloc(len); + + /* write message to sd */ + fd = open(sd_path, O_WRONLY); + g_assert(fd >= 0); + ret = write(fd, msg, len); + close(fd); + g_assert(ret == len); + + /* read message using sdhci */ + ret = sdhci_read_cmd(qts, NPCM7XX_MMC_BA, rmsg, len); + g_assert(ret == len); + g_assert(!strcmp(rmsg, msg)); + + g_free(rmsg); +} + +/* Check MMC can read values from sd */ +static void test_read_sd(void) +{ + QTestState *qts = setup_sd_card(); + + write_sdread(qts, "hello world"); + write_sdread(qts, "goodbye"); + + qtest_quit(qts); +} + +static void sdwrite_read(QTestState *qts, const char *msg) +{ + int fd, ret; + size_t len = strlen(msg); + char *rmsg = g_malloc(len); + + /* write message using sdhci */ + sdhci_write_cmd(qts, NPCM7XX_MMC_BA, msg, len, NPCM7XX_BLK_SIZE); + + /* read message from sd */ + fd = open(sd_path, O_RDONLY); + g_assert(fd >= 0); + ret = read(fd, rmsg, len); + close(fd); + g_assert(ret == len); + + g_assert(!strcmp(rmsg, msg)); + + g_free(rmsg); +} + +/* Check MMC can write values to sd */ +static void test_write_sd(void) +{ + QTestState *qts = setup_sd_card(); + + sdwrite_read(qts, "hello world"); + sdwrite_read(qts, "goodbye"); + + qtest_quit(qts); +} + +/* Check SDHCI has correct default values. */ +static void test_reset(void) +{ + QTestState *qts = qtest_init("-machine kudo-bmc"); + uint64_t addr = NPCM7XX_MMC_BA; + uint64_t end_addr = addr + NPCM7XX_REG_SIZE; + uint16_t prstvals_resets[] = {NPCM7XX_PRSTVALS_0_RESET, + NPCM7XX_PRSTVALS_1_RESET, + 0, + NPCM7XX_PRSTVALS_3_RESET, + 0, + 0}; + int i; + uint32_t mask; + + while (addr < end_addr) { + switch (addr - NPCM7XX_MMC_BA) { + case SDHC_PRNSTS: + /* + * ignores bits 20 to 24: they are changed when reading registers + */ + mask = 0x1f00000; + g_assert_cmphex(qtest_readl(qts, addr) | mask, ==, + NPCM7XX_PRSNTS_RESET | mask); + addr += 4; + break; + case SDHC_BLKGAP: + g_assert_cmphex(qtest_readb(qts, addr), ==, NPCM7XX_BLKGAP_RESET); + addr += 1; + break; + case SDHC_CAPAB: + g_assert_cmphex(qtest_readq(qts, addr), ==, NPCM7XX_CAPAB_RESET); + addr += 8; + break; + case SDHC_MAXCURR: + g_assert_cmphex(qtest_readq(qts, addr), ==, NPCM7XX_MAXCURR_RESET); + addr += 8; + break; + case SDHC_HCVER: + g_assert_cmphex(qtest_readw(qts, addr), ==, NPCM7XX_HCVER_RESET); + addr += 2; + break; + case NPCM7XX_PRSTVALS: + for (i = 0; i < NPCM7XX_PRSTVALS_SIZE; ++i) { + g_assert_cmphex(qtest_readw(qts, addr + 2 * i), ==, + prstvals_resets[i]); + } + addr += NPCM7XX_PRSTVALS_SIZE * 2; + break; + default: + g_assert_cmphex(qtest_readb(qts, addr), ==, 0); + addr += 1; + } + } + + qtest_quit(qts); +} + +static void drive_destroy(void) +{ + unlink(sd_path); + g_free(sd_path); +} + +static void drive_create(void) +{ + int fd, ret; + GError *error = NULL; + + /* Create a temporary raw image */ + fd = g_file_open_tmp("sdhci_XXXXXX", &sd_path, &error); + if (fd == -1) { + fprintf(stderr, "unable to create sdhci file: %s\n", error->message); + g_error_free(error); + } + g_assert(sd_path != NULL); + + ret = ftruncate(fd, NPCM7XX_TEST_IMAGE_SIZE); + g_assert_cmpint(ret, ==, 0); + g_message("%s", sd_path); + close(fd); +} + +int main(int argc, char **argv) +{ + int ret; + + drive_create(); + + g_test_init(&argc, &argv, NULL); + + qtest_add_func("npcm7xx_sdhci/reset", test_reset); + qtest_add_func("npcm7xx_sdhci/write_sd", test_write_sd); + qtest_add_func("npcm7xx_sdhci/read_sd", test_read_sd); + + ret = g_test_run(); + drive_destroy(); + return ret; +} diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index XXXXXXX..XXXXXXX 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -XXX,XX +XXX,XX @@ qtests_npcm7xx = \ 'npcm7xx_gpio-test', 'npcm7xx_pwm-test', 'npcm7xx_rng-test', + 'npcm7xx_sdhci-test', 'npcm7xx_smbus-test', 'npcm7xx_timer-test', 'npcm7xx_watchdog_timer-test'] + \ -- 2.25.1 From: Alexander Graf <agraf@csgraf.de> We are parsing the syndrome field for sysregs in multiple places across the hvf code, but repeat shift/mask operations with hard coded constants every time. This is an error prone approach and makes it harder to reason about the correctness of these operations. Let's introduce macros that allow us to unify the constants used as well as create new helpers to extract fields from the sysreg value. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Cameron Esfahani <dirty@apple.com <mailto:dirty@apple.com>> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220209124135.69183-1-agraf@csgraf.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/hvf/hvf.c | 69 ++++++++++++++++++++++++++++++-------------- 1 file changed, 47 insertions(+), 22 deletions(-) diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/hvf/hvf.c +++ b/target/arm/hvf/hvf.c @@ -XXX,XX +XXX,XX @@ ENCODE_AA64_CP_REG(CP_REG_ARM64_SYSREG_CP, crn, crm, op0, op1, op2) #define PL1_WRITE_MASK 0x4 +#define SYSREG_OP0_SHIFT 20 +#define SYSREG_OP0_MASK 0x3 +#define SYSREG_OP0(sysreg) ((sysreg >> SYSREG_OP0_SHIFT) & SYSREG_OP0_MASK) +#define SYSREG_OP1_SHIFT 14 +#define SYSREG_OP1_MASK 0x7 +#define SYSREG_OP1(sysreg) ((sysreg >> SYSREG_OP1_SHIFT) & SYSREG_OP1_MASK) +#define SYSREG_CRN_SHIFT 10 +#define SYSREG_CRN_MASK 0xf +#define SYSREG_CRN(sysreg) ((sysreg >> SYSREG_CRN_SHIFT) & SYSREG_CRN_MASK) +#define SYSREG_CRM_SHIFT 1 +#define SYSREG_CRM_MASK 0xf +#define SYSREG_CRM(sysreg) ((sysreg >> SYSREG_CRM_SHIFT) & SYSREG_CRM_MASK) +#define SYSREG_OP2_SHIFT 17 +#define SYSREG_OP2_MASK 0x7 +#define SYSREG_OP2(sysreg) ((sysreg >> SYSREG_OP2_SHIFT) & SYSREG_OP2_MASK) + #define SYSREG(op0, op1, crn, crm, op2) \ - ((op0 << 20) | (op2 << 17) | (op1 << 14) | (crn << 10) | (crm << 1)) -#define SYSREG_MASK SYSREG(0x3, 0x7, 0xf, 0xf, 0x7) + ((op0 << SYSREG_OP0_SHIFT) | \ + (op1 << SYSREG_OP1_SHIFT) | \ + (crn << SYSREG_CRN_SHIFT) | \ + (crm << SYSREG_CRM_SHIFT) | \ + (op2 << SYSREG_OP2_SHIFT)) +#define SYSREG_MASK \ + SYSREG(SYSREG_OP0_MASK, \ + SYSREG_OP1_MASK, \ + SYSREG_CRN_MASK, \ + SYSREG_CRM_MASK, \ + SYSREG_OP2_MASK) #define SYSREG_OSLAR_EL1 SYSREG(2, 0, 1, 0, 4) #define SYSREG_OSLSR_EL1 SYSREG(2, 0, 1, 1, 4) #define SYSREG_OSDLR_EL1 SYSREG(2, 0, 1, 3, 4) @@ -XXX,XX +XXX,XX @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt) default: cpu_synchronize_state(cpu); trace_hvf_unhandled_sysreg_read(env->pc, reg, - (reg >> 20) & 0x3, - (reg >> 14) & 0x7, - (reg >> 10) & 0xf, - (reg >> 1) & 0xf, - (reg >> 17) & 0x7); + SYSREG_OP0(reg), + SYSREG_OP1(reg), + SYSREG_CRN(reg), + SYSREG_CRM(reg), + SYSREG_OP2(reg)); hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized()); return 1; } trace_hvf_sysreg_read(reg, - (reg >> 20) & 0x3, - (reg >> 14) & 0x7, - (reg >> 10) & 0xf, - (reg >> 1) & 0xf, - (reg >> 17) & 0x7, + SYSREG_OP0(reg), + SYSREG_OP1(reg), + SYSREG_CRN(reg), + SYSREG_CRM(reg), + SYSREG_OP2(reg), val); hvf_set_reg(cpu, rt, val); @@ -XXX,XX +XXX,XX @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val) CPUARMState *env = &arm_cpu->env; trace_hvf_sysreg_write(reg, - (reg >> 20) & 0x3, - (reg >> 14) & 0x7, - (reg >> 10) & 0xf, - (reg >> 1) & 0xf, - (reg >> 17) & 0x7, + SYSREG_OP0(reg), + SYSREG_OP1(reg), + SYSREG_CRN(reg), + SYSREG_CRM(reg), + SYSREG_OP2(reg), val); switch (reg) { @@ -XXX,XX +XXX,XX @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val) default: cpu_synchronize_state(cpu); trace_hvf_unhandled_sysreg_write(env->pc, reg, - (reg >> 20) & 0x3, - (reg >> 14) & 0x7, - (reg >> 10) & 0xf, - (reg >> 1) & 0xf, - (reg >> 17) & 0x7); + SYSREG_OP0(reg), + SYSREG_OP1(reg), + SYSREG_CRN(reg), + SYSREG_CRM(reg), + SYSREG_OP2(reg)); hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized()); return 1; } -- 2.25.1 From: Alexander Graf <agraf@csgraf.de> Recent Linux versions added support to read ID_AA64ISAR2_EL1. On M1, those reads trap into QEMU which handles them as faults. However, AArch64 ID registers should always read as RES0. Let's handle them accordingly. This fixes booting Linux 5.17 guests. Cc: qemu-stable@nongnu.org Reported-by: Ivan Babrou <ivan@cloudflare.com> Signed-off-by: Alexander Graf <agraf@csgraf.de> Message-id: 20220209124135.69183-2-agraf@csgraf.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/hvf/hvf.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/hvf/hvf.c +++ b/target/arm/hvf/hvf.c @@ -XXX,XX +XXX,XX @@ static bool hvf_handle_psci_call(CPUState *cpu) return true; } +static bool is_id_sysreg(uint32_t reg) +{ + return SYSREG_OP0(reg) == 3 && + SYSREG_OP1(reg) == 0 && + SYSREG_CRN(reg) == 0 && + SYSREG_CRM(reg) >= 1 && + SYSREG_CRM(reg) < 8; +} + static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt) { ARMCPU *arm_cpu = ARM_CPU(cpu); @@ -XXX,XX +XXX,XX @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt) /* Dummy register */ break; default: + if (is_id_sysreg(reg)) { + /* ID system registers read as RES0 */ + val = 0; + break; + } cpu_synchronize_state(cpu); trace_hvf_unhandled_sysreg_read(env->pc, reg, SYSREG_OP0(reg), -- 2.25.1 From: Bernhard Beschow <shentey@gmail.com> More than 1k of TypeInfo instances are already marked as const. Mark the remaining ones, too. This commit was created with: git grep -z -l 'static TypeInfo' -- '*.c' | \ xargs -0 sed -i 's/static TypeInfo/static const TypeInfo/' Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Acked-by: Corey Minyard <cminyard@mvista.com> Message-id: 20220117145805.173070-2-shentey@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/core/generic-loader.c | 2 +- hw/core/guest-loader.c | 2 +- hw/display/bcm2835_fb.c | 2 +- hw/display/i2c-ddc.c | 2 +- hw/display/macfb.c | 4 ++-- hw/display/virtio-vga.c | 2 +- hw/dma/bcm2835_dma.c | 2 +- hw/i386/pc_piix.c | 2 +- hw/i386/sgx-epc.c | 2 +- hw/intc/bcm2835_ic.c | 2 +- hw/intc/bcm2836_control.c | 2 +- hw/ipmi/ipmi.c | 4 ++-- hw/mem/nvdimm.c | 2 +- hw/mem/pc-dimm.c | 2 +- hw/misc/bcm2835_mbox.c | 2 +- hw/misc/bcm2835_powermgt.c | 2 +- hw/misc/bcm2835_property.c | 2 +- hw/misc/bcm2835_rng.c | 2 +- hw/misc/pvpanic-isa.c | 2 +- hw/misc/pvpanic-pci.c | 2 +- hw/net/fsl_etsec/etsec.c | 2 +- hw/ppc/prep_systemio.c | 2 +- hw/ppc/spapr_iommu.c | 2 +- hw/s390x/s390-pci-bus.c | 2 +- hw/s390x/sclp.c | 2 +- hw/s390x/tod-kvm.c | 2 +- hw/s390x/tod-tcg.c | 2 +- hw/s390x/tod.c | 2 +- hw/scsi/lsi53c895a.c | 2 +- hw/sd/allwinner-sdhost.c | 2 +- hw/sd/aspeed_sdhci.c | 2 +- hw/sd/bcm2835_sdhost.c | 2 +- hw/sd/cadence_sdhci.c | 2 +- hw/sd/npcm7xx_sdhci.c | 2 +- hw/usb/dev-mtp.c | 2 +- hw/usb/host-libusb.c | 2 +- hw/vfio/igd.c | 2 +- hw/virtio/virtio-pmem.c | 2 +- qom/object.c | 4 ++-- 39 files changed, 42 insertions(+), 42 deletions(-) diff --git a/hw/core/generic-loader.c b/hw/core/generic-loader.c index XXXXXXX..XXXXXXX 100644 --- a/hw/core/generic-loader.c +++ b/hw/core/generic-loader.c @@ -XXX,XX +XXX,XX @@ static void generic_loader_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); } -static TypeInfo generic_loader_info = { +static const TypeInfo generic_loader_info = { .name = TYPE_GENERIC_LOADER, .parent = TYPE_DEVICE, .instance_size = sizeof(GenericLoaderState), diff --git a/hw/core/guest-loader.c b/hw/core/guest-loader.c index XXXXXXX..XXXXXXX 100644 --- a/hw/core/guest-loader.c +++ b/hw/core/guest-loader.c @@ -XXX,XX +XXX,XX @@ static void guest_loader_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); } -static TypeInfo guest_loader_info = { +static const TypeInfo guest_loader_info = { .name = TYPE_GUEST_LOADER, .parent = TYPE_DEVICE, .instance_size = sizeof(GuestLoaderState), diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c index XXXXXXX..XXXXXXX 100644 --- a/hw/display/bcm2835_fb.c +++ b/hw/display/bcm2835_fb.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_fb_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_fb; } -static TypeInfo bcm2835_fb_info = { +static const TypeInfo bcm2835_fb_info = { .name = TYPE_BCM2835_FB, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835FBState), diff --git a/hw/display/i2c-ddc.c b/hw/display/i2c-ddc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/display/i2c-ddc.c +++ b/hw/display/i2c-ddc.c @@ -XXX,XX +XXX,XX @@ static void i2c_ddc_class_init(ObjectClass *oc, void *data) isc->send = i2c_ddc_tx; } -static TypeInfo i2c_ddc_info = { +static const TypeInfo i2c_ddc_info = { .name = TYPE_I2CDDC, .parent = TYPE_I2C_SLAVE, .instance_size = sizeof(I2CDDCState), diff --git a/hw/display/macfb.c b/hw/display/macfb.c index XXXXXXX..XXXXXXX 100644 --- a/hw/display/macfb.c +++ b/hw/display/macfb.c @@ -XXX,XX +XXX,XX @@ static void macfb_nubus_class_init(ObjectClass *klass, void *data) device_class_set_props(dc, macfb_nubus_properties); } -static TypeInfo macfb_sysbus_info = { +static const TypeInfo macfb_sysbus_info = { .name = TYPE_MACFB, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(MacfbSysBusState), .class_init = macfb_sysbus_class_init, }; -static TypeInfo macfb_nubus_info = { +static const TypeInfo macfb_nubus_info = { .name = TYPE_NUBUS_MACFB, .parent = TYPE_NUBUS_DEVICE, .instance_size = sizeof(MacfbNubusState), diff --git a/hw/display/virtio-vga.c b/hw/display/virtio-vga.c index XXXXXXX..XXXXXXX 100644 --- a/hw/display/virtio-vga.c +++ b/hw/display/virtio-vga.c @@ -XXX,XX +XXX,XX @@ static void virtio_vga_base_class_init(ObjectClass *klass, void *data) virtio_vga_set_big_endian_fb); } -static TypeInfo virtio_vga_base_info = { +static const TypeInfo virtio_vga_base_info = { .name = TYPE_VIRTIO_VGA_BASE, .parent = TYPE_VIRTIO_PCI, .instance_size = sizeof(VirtIOVGABase), diff --git a/hw/dma/bcm2835_dma.c b/hw/dma/bcm2835_dma.c index XXXXXXX..XXXXXXX 100644 --- a/hw/dma/bcm2835_dma.c +++ b/hw/dma/bcm2835_dma.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_dma_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_dma; } -static TypeInfo bcm2835_dma_info = { +static const TypeInfo bcm2835_dma_info = { .name = TYPE_BCM2835_DMA, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835DMAState), diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index XXXXXXX..XXXXXXX 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -XXX,XX +XXX,XX @@ static void isa_bridge_class_init(ObjectClass *klass, void *data) k->class_id = PCI_CLASS_BRIDGE_ISA; }; -static TypeInfo isa_bridge_info = { +static const TypeInfo isa_bridge_info = { .name = "igd-passthrough-isa-bridge", .parent = TYPE_PCI_DEVICE, .instance_size = sizeof(PCIDevice), diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/i386/sgx-epc.c +++ b/hw/i386/sgx-epc.c @@ -XXX,XX +XXX,XX @@ static void sgx_epc_class_init(ObjectClass *oc, void *data) mdc->fill_device_info = sgx_epc_md_fill_device_info; } -static TypeInfo sgx_epc_info = { +static const TypeInfo sgx_epc_info = { .name = TYPE_SGX_EPC, .parent = TYPE_DEVICE, .instance_size = sizeof(SGXEPCDevice), diff --git a/hw/intc/bcm2835_ic.c b/hw/intc/bcm2835_ic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/bcm2835_ic.c +++ b/hw/intc/bcm2835_ic.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_ic_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_ic; } -static TypeInfo bcm2835_ic_info = { +static const TypeInfo bcm2835_ic_info = { .name = TYPE_BCM2835_IC, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835ICState), diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/bcm2836_control.c +++ b/hw/intc/bcm2836_control.c @@ -XXX,XX +XXX,XX @@ static void bcm2836_control_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2836_control; } -static TypeInfo bcm2836_control_info = { +static const TypeInfo bcm2836_control_info = { .name = TYPE_BCM2836_CONTROL, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2836ControlState), diff --git a/hw/ipmi/ipmi.c b/hw/ipmi/ipmi.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ipmi/ipmi.c +++ b/hw/ipmi/ipmi.c @@ -XXX,XX +XXX,XX @@ static void ipmi_interface_class_init(ObjectClass *class, void *data) ik->do_hw_op = ipmi_do_hw_op; } -static TypeInfo ipmi_interface_type_info = { +static const TypeInfo ipmi_interface_type_info = { .name = TYPE_IPMI_INTERFACE, .parent = TYPE_INTERFACE, .class_size = sizeof(IPMIInterfaceClass), @@ -XXX,XX +XXX,XX @@ static void bmc_class_init(ObjectClass *oc, void *data) device_class_set_props(dc, ipmi_bmc_properties); } -static TypeInfo ipmi_bmc_type_info = { +static const TypeInfo ipmi_bmc_type_info = { .name = TYPE_IPMI_BMC, .parent = TYPE_DEVICE, .instance_size = sizeof(IPMIBmc), diff --git a/hw/mem/nvdimm.c b/hw/mem/nvdimm.c index XXXXXXX..XXXXXXX 100644 --- a/hw/mem/nvdimm.c +++ b/hw/mem/nvdimm.c @@ -XXX,XX +XXX,XX @@ static void nvdimm_class_init(ObjectClass *oc, void *data) set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); } -static TypeInfo nvdimm_info = { +static const TypeInfo nvdimm_info = { .name = TYPE_NVDIMM, .parent = TYPE_PC_DIMM, .class_size = sizeof(NVDIMMClass), diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c index XXXXXXX..XXXXXXX 100644 --- a/hw/mem/pc-dimm.c +++ b/hw/mem/pc-dimm.c @@ -XXX,XX +XXX,XX @@ static void pc_dimm_class_init(ObjectClass *oc, void *data) mdc->fill_device_info = pc_dimm_md_fill_device_info; } -static TypeInfo pc_dimm_info = { +static const TypeInfo pc_dimm_info = { .name = TYPE_PC_DIMM, .parent = TYPE_DEVICE, .instance_size = sizeof(PCDIMMDevice), diff --git a/hw/misc/bcm2835_mbox.c b/hw/misc/bcm2835_mbox.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/bcm2835_mbox.c +++ b/hw/misc/bcm2835_mbox.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_mbox_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_mbox; } -static TypeInfo bcm2835_mbox_info = { +static const TypeInfo bcm2835_mbox_info = { .name = TYPE_BCM2835_MBOX, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835MboxState), diff --git a/hw/misc/bcm2835_powermgt.c b/hw/misc/bcm2835_powermgt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/bcm2835_powermgt.c +++ b/hw/misc/bcm2835_powermgt.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_powermgt_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_powermgt; } -static TypeInfo bcm2835_powermgt_info = { +static const TypeInfo bcm2835_powermgt_info = { .name = TYPE_BCM2835_POWERMGT, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835PowerMgtState), diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_property_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_property; } -static TypeInfo bcm2835_property_info = { +static const TypeInfo bcm2835_property_info = { .name = TYPE_BCM2835_PROPERTY, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835PropertyState), diff --git a/hw/misc/bcm2835_rng.c b/hw/misc/bcm2835_rng.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/bcm2835_rng.c +++ b/hw/misc/bcm2835_rng.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_rng_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_rng; } -static TypeInfo bcm2835_rng_info = { +static const TypeInfo bcm2835_rng_info = { .name = TYPE_BCM2835_RNG, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835RngState), diff --git a/hw/misc/pvpanic-isa.c b/hw/misc/pvpanic-isa.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/pvpanic-isa.c +++ b/hw/misc/pvpanic-isa.c @@ -XXX,XX +XXX,XX @@ static void pvpanic_isa_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); } -static TypeInfo pvpanic_isa_info = { +static const TypeInfo pvpanic_isa_info = { .name = TYPE_PVPANIC_ISA_DEVICE, .parent = TYPE_ISA_DEVICE, .instance_size = sizeof(PVPanicISAState), diff --git a/hw/misc/pvpanic-pci.c b/hw/misc/pvpanic-pci.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/pvpanic-pci.c +++ b/hw/misc/pvpanic-pci.c @@ -XXX,XX +XXX,XX @@ static void pvpanic_pci_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); } -static TypeInfo pvpanic_pci_info = { +static const TypeInfo pvpanic_pci_info = { .name = TYPE_PVPANIC_PCI_DEVICE, .parent = TYPE_PCI_DEVICE, .instance_size = sizeof(PVPanicPCIState), diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c index XXXXXXX..XXXXXXX 100644 --- a/hw/net/fsl_etsec/etsec.c +++ b/hw/net/fsl_etsec/etsec.c @@ -XXX,XX +XXX,XX @@ static void etsec_class_init(ObjectClass *klass, void *data) dc->user_creatable = true; } -static TypeInfo etsec_info = { +static const TypeInfo etsec_info = { .name = TYPE_ETSEC_COMMON, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(eTSEC), diff --git a/hw/ppc/prep_systemio.c b/hw/ppc/prep_systemio.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ppc/prep_systemio.c +++ b/hw/ppc/prep_systemio.c @@ -XXX,XX +XXX,XX @@ static void prep_systemio_class_initfn(ObjectClass *klass, void *data) device_class_set_props(dc, prep_systemio_properties); } -static TypeInfo prep_systemio800_info = { +static const TypeInfo prep_systemio800_info = { .name = TYPE_PREP_SYSTEMIO, .parent = TYPE_ISA_DEVICE, .instance_size = sizeof(PrepSystemIoState), diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ppc/spapr_iommu.c +++ b/hw/ppc/spapr_iommu.c @@ -XXX,XX +XXX,XX @@ static void spapr_tce_table_class_init(ObjectClass *klass, void *data) spapr_register_hypercall(H_STUFF_TCE, h_stuff_tce); } -static TypeInfo spapr_tce_table_info = { +static const TypeInfo spapr_tce_table_info = { .name = TYPE_SPAPR_TCE_TABLE, .parent = TYPE_DEVICE, .instance_size = sizeof(SpaprTceTable), diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index XXXXXXX..XXXXXXX 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -XXX,XX +XXX,XX @@ static const TypeInfo s390_pci_device_info = { .class_init = s390_pci_device_class_init, }; -static TypeInfo s390_pci_iommu_info = { +static const TypeInfo s390_pci_iommu_info = { .name = TYPE_S390_PCI_IOMMU, .parent = TYPE_OBJECT, .instance_size = sizeof(S390PCIIOMMU), diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c index XXXXXXX..XXXXXXX 100644 --- a/hw/s390x/sclp.c +++ b/hw/s390x/sclp.c @@ -XXX,XX +XXX,XX @@ static void sclp_class_init(ObjectClass *oc, void *data) sc->service_interrupt = service_interrupt; } -static TypeInfo sclp_info = { +static const TypeInfo sclp_info = { .name = TYPE_SCLP, .parent = TYPE_DEVICE, .instance_init = sclp_init, diff --git a/hw/s390x/tod-kvm.c b/hw/s390x/tod-kvm.c index XXXXXXX..XXXXXXX 100644 --- a/hw/s390x/tod-kvm.c +++ b/hw/s390x/tod-kvm.c @@ -XXX,XX +XXX,XX @@ static void kvm_s390_tod_init(Object *obj) td->stopped = false; } -static TypeInfo kvm_s390_tod_info = { +static const TypeInfo kvm_s390_tod_info = { .name = TYPE_KVM_S390_TOD, .parent = TYPE_S390_TOD, .instance_size = sizeof(S390TODState), diff --git a/hw/s390x/tod-tcg.c b/hw/s390x/tod-tcg.c index XXXXXXX..XXXXXXX 100644 --- a/hw/s390x/tod-tcg.c +++ b/hw/s390x/tod-tcg.c @@ -XXX,XX +XXX,XX @@ static void qemu_s390_tod_init(Object *obj) } } -static TypeInfo qemu_s390_tod_info = { +static const TypeInfo qemu_s390_tod_info = { .name = TYPE_QEMU_S390_TOD, .parent = TYPE_S390_TOD, .instance_size = sizeof(S390TODState), diff --git a/hw/s390x/tod.c b/hw/s390x/tod.c index XXXXXXX..XXXXXXX 100644 --- a/hw/s390x/tod.c +++ b/hw/s390x/tod.c @@ -XXX,XX +XXX,XX @@ static void s390_tod_class_init(ObjectClass *oc, void *data) dc->user_creatable = false; } -static TypeInfo s390_tod_info = { +static const TypeInfo s390_tod_info = { .name = TYPE_S390_TOD, .parent = TYPE_DEVICE, .instance_size = sizeof(S390TODState), diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index XXXXXXX..XXXXXXX 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -XXX,XX +XXX,XX @@ static void lsi53c810_class_init(ObjectClass *klass, void *data) k->device_id = PCI_DEVICE_ID_LSI_53C810; } -static TypeInfo lsi53c810_info = { +static const TypeInfo lsi53c810_info = { .name = TYPE_LSI53C810, .parent = TYPE_LSI53C895A, .class_init = lsi53c810_class_init, diff --git a/hw/sd/allwinner-sdhost.c b/hw/sd/allwinner-sdhost.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/allwinner-sdhost.c +++ b/hw/sd/allwinner-sdhost.c @@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_sun5i_class_init(ObjectClass *klass, void *data) sc->max_desc_size = 64 * KiB; } -static TypeInfo allwinner_sdhost_info = { +static const TypeInfo allwinner_sdhost_info = { .name = TYPE_AW_SDHOST, .parent = TYPE_SYS_BUS_DEVICE, .instance_init = allwinner_sdhost_init, diff --git a/hw/sd/aspeed_sdhci.c b/hw/sd/aspeed_sdhci.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/aspeed_sdhci.c +++ b/hw/sd/aspeed_sdhci.c @@ -XXX,XX +XXX,XX @@ static void aspeed_sdhci_class_init(ObjectClass *classp, void *data) device_class_set_props(dc, aspeed_sdhci_properties); } -static TypeInfo aspeed_sdhci_info = { +static const TypeInfo aspeed_sdhci_info = { .name = TYPE_ASPEED_SDHCI, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(AspeedSDHCIState), diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/bcm2835_sdhost.c +++ b/hw/sd/bcm2835_sdhost.c @@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_bcm2835_sdhost; } -static TypeInfo bcm2835_sdhost_info = { +static const TypeInfo bcm2835_sdhost_info = { .name = TYPE_BCM2835_SDHOST, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(BCM2835SDHostState), diff --git a/hw/sd/cadence_sdhci.c b/hw/sd/cadence_sdhci.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/cadence_sdhci.c +++ b/hw/sd/cadence_sdhci.c @@ -XXX,XX +XXX,XX @@ static void cadence_sdhci_class_init(ObjectClass *classp, void *data) dc->vmsd = &vmstate_cadence_sdhci; } -static TypeInfo cadence_sdhci_info = { +static const TypeInfo cadence_sdhci_info = { .name = TYPE_CADENCE_SDHCI, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(CadenceSDHCIState), diff --git a/hw/sd/npcm7xx_sdhci.c b/hw/sd/npcm7xx_sdhci.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/npcm7xx_sdhci.c +++ b/hw/sd/npcm7xx_sdhci.c @@ -XXX,XX +XXX,XX @@ static void npcm7xx_sdhci_instance_init(Object *obj) TYPE_SYSBUS_SDHCI); } -static TypeInfo npcm7xx_sdhci_info = { +static const TypeInfo npcm7xx_sdhci_info = { .name = TYPE_NPCM7XX_SDHCI, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(NPCM7xxSDHCIState), diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index XXXXXXX..XXXXXXX 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -XXX,XX +XXX,XX @@ static void usb_mtp_class_initfn(ObjectClass *klass, void *data) device_class_set_props(dc, mtp_properties); } -static TypeInfo mtp_info = { +static const TypeInfo mtp_info = { .name = TYPE_USB_MTP, .parent = TYPE_USB_DEVICE, .instance_size = sizeof(MTPState), diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index XXXXXXX..XXXXXXX 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -XXX,XX +XXX,XX @@ static void usb_host_class_initfn(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } -static TypeInfo usb_host_dev_info = { +static const TypeInfo usb_host_dev_info = { .name = TYPE_USB_HOST_DEVICE, .parent = TYPE_USB_DEVICE, .instance_size = sizeof(USBHostDevice), diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c index XXXXXXX..XXXXXXX 100644 --- a/hw/vfio/igd.c +++ b/hw/vfio/igd.c @@ -XXX,XX +XXX,XX @@ static void vfio_pci_igd_lpc_bridge_class_init(ObjectClass *klass, void *data) k->class_id = PCI_CLASS_BRIDGE_ISA; } -static TypeInfo vfio_pci_igd_lpc_bridge_info = { +static const TypeInfo vfio_pci_igd_lpc_bridge_info = { .name = "vfio-pci-igd-lpc-bridge", .parent = TYPE_PCI_DEVICE, .class_init = vfio_pci_igd_lpc_bridge_class_init, diff --git a/hw/virtio/virtio-pmem.c b/hw/virtio/virtio-pmem.c index XXXXXXX..XXXXXXX 100644 --- a/hw/virtio/virtio-pmem.c +++ b/hw/virtio/virtio-pmem.c @@ -XXX,XX +XXX,XX @@ static void virtio_pmem_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); } -static TypeInfo virtio_pmem_info = { +static const TypeInfo virtio_pmem_info = { .name = TYPE_VIRTIO_PMEM, .parent = TYPE_VIRTIO_DEVICE, .class_size = sizeof(VirtIOPMEMClass), diff --git a/qom/object.c b/qom/object.c index XXXXXXX..XXXXXXX 100644 --- a/qom/object.c +++ b/qom/object.c @@ -XXX,XX +XXX,XX @@ static void object_class_init(ObjectClass *klass, void *data) static void register_types(void) { - static TypeInfo interface_info = { + static const TypeInfo interface_info = { .name = TYPE_INTERFACE, .class_size = sizeof(InterfaceClass), .abstract = true, }; - static TypeInfo object_info = { + static const TypeInfo object_info = { .name = TYPE_OBJECT, .instance_size = sizeof(Object), .class_init = object_class_init, -- 2.25.1 From: Bernhard Beschow <shentey@gmail.com> Now that all static TypeInfo instances are declared const, prevent that new non-const instances are created. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220117145805.173070-3-shentey@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- scripts/checkpatch.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index XXXXXXX..XXXXXXX 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -XXX,XX +XXX,XX @@ sub process { SCSIBusInfo| SCSIReqOps| Spice[A-Z][a-zA-Z0-9]*Interface| + TypeInfo| USBDesc[A-Z][a-zA-Z0-9]*| VhostOps| VMStateDescription| -- 2.25.1 Now that KVM has dropped AArch32 host support, the 'host' CPU type is always AArch64, and we can move it to cpu64.c. This move will allow us to share code between it and '-cpu max', which should behave the same as '-cpu host' when using KVM or HVF. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220204165506.2846058-2-peter.maydell@linaro.org --- target/arm/cpu.c | 30 ------------------------------ target/arm/cpu64.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ #include "sysemu/tcg.h" #include "sysemu/hw_accel.h" #include "kvm_arm.h" -#include "hvf_arm.h" #include "disas/capstone.h" #include "fpu/softfloat.h" @@ -XXX,XX +XXX,XX @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) #endif /* CONFIG_TCG */ } -#if defined(CONFIG_KVM) || defined(CONFIG_HVF) -static void arm_host_initfn(Object *obj) -{ - ARMCPU *cpu = ARM_CPU(obj); - -#ifdef CONFIG_KVM - kvm_arm_set_cpu_features_from_host(cpu); - if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { - aarch64_add_sve_properties(obj); - aarch64_add_pauth_properties(obj); - } -#else - hvf_arm_set_cpu_features_from_host(cpu); -#endif - arm_cpu_post_init(obj); -} - -static const TypeInfo host_arm_cpu_type_info = { - .name = TYPE_ARM_HOST_CPU, - .parent = TYPE_AARCH64_CPU, - .instance_init = arm_host_initfn, -}; - -#endif - static void arm_cpu_instance_init(Object *obj) { ARMCPUClass *acc = ARM_CPU_GET_CLASS(obj); @@ -XXX,XX +XXX,XX @@ static const TypeInfo arm_cpu_type_info = { static void arm_cpu_register_types(void) { type_register_static(&arm_cpu_type_info); - -#if defined(CONFIG_KVM) || defined(CONFIG_HVF) - type_register_static(&host_arm_cpu_type_info); -#endif } type_init(arm_cpu_register_types) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ #endif #include "sysemu/kvm.h" #include "kvm_arm.h" +#include "hvf_arm.h" #include "qapi/visitor.h" #include "hw/qdev-properties.h" @@ -XXX,XX +XXX,XX @@ void aarch64_add_pauth_properties(Object *obj) } } +#if defined(CONFIG_KVM) || defined(CONFIG_HVF) +static void arm_host_initfn(Object *obj) +{ + ARMCPU *cpu = ARM_CPU(obj); + +#ifdef CONFIG_KVM + kvm_arm_set_cpu_features_from_host(cpu); + if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { + aarch64_add_sve_properties(obj); + aarch64_add_pauth_properties(obj); + } +#else + hvf_arm_set_cpu_features_from_host(cpu); +#endif + arm_cpu_post_init(obj); +} + +static const TypeInfo host_arm_cpu_type_info = { + .name = TYPE_ARM_HOST_CPU, + .parent = TYPE_AARCH64_CPU, + .instance_init = arm_host_initfn, +}; + +#endif + /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host); * otherwise, a CPU with as many features enabled as our emulation supports. * The version of '-cpu max' for qemu-system-arm is defined in cpu.c; @@ -XXX,XX +XXX,XX @@ static void aarch64_cpu_register_types(void) for (i = 0; i < ARRAY_SIZE(aarch64_cpus); ++i) { aarch64_cpu_register(&aarch64_cpus[i]); } + +#if defined(CONFIG_KVM) || defined(CONFIG_HVF) + type_register_static(&host_arm_cpu_type_info); +#endif } type_init(aarch64_cpu_register_types) -- 2.25.1 Use the aarch64_cpu_register() machinery to register the 'host' CPU type. This doesn't gain us anything functionally, but it does mean that the code for initializing it looks more like that for the other CPU types, in that its initfn then doesn't need to call arm_cpu_post_init() (because aarch64_cpu_instance_init() does that for it). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220204165506.2846058-3-peter.maydell@linaro.org --- target/arm/cpu64.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ void aarch64_add_pauth_properties(Object *obj) } #if defined(CONFIG_KVM) || defined(CONFIG_HVF) -static void arm_host_initfn(Object *obj) +static void aarch64_host_initfn(Object *obj) { ARMCPU *cpu = ARM_CPU(obj); @@ -XXX,XX +XXX,XX @@ static void arm_host_initfn(Object *obj) #else hvf_arm_set_cpu_features_from_host(cpu); #endif - arm_cpu_post_init(obj); } - -static const TypeInfo host_arm_cpu_type_info = { - .name = TYPE_ARM_HOST_CPU, - .parent = TYPE_AARCH64_CPU, - .instance_init = arm_host_initfn, -}; - #endif /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host); @@ -XXX,XX +XXX,XX @@ static const ARMCPUInfo aarch64_cpus[] = { { .name = "cortex-a72", .initfn = aarch64_a72_initfn }, { .name = "a64fx", .initfn = aarch64_a64fx_initfn }, { .name = "max", .initfn = aarch64_max_initfn }, +#if defined(CONFIG_KVM) || defined(CONFIG_HVF) + { .name = "host", .initfn = aarch64_host_initfn }, +#endif }; static bool aarch64_cpu_get_aarch64(Object *obj, Error **errp) @@ -XXX,XX +XXX,XX @@ static void aarch64_cpu_register_types(void) for (i = 0; i < ARRAY_SIZE(aarch64_cpus); ++i) { aarch64_cpu_register(&aarch64_cpus[i]); } - -#if defined(CONFIG_KVM) || defined(CONFIG_HVF) - type_register_static(&host_arm_cpu_type_info); -#endif } type_init(aarch64_cpu_register_types) -- 2.25.1 Currently for KVM the intention is that '-cpu max' and '-cpu host' are the same thing, but because we did this with two separate pieces of code they have got a little bit out of sync. Specifically, 'max' has a 'sve-max-vq' property, and 'host' does not. Bring the two together by having the initfn for 'max' actually call the initfn for 'host'. This will result in 'max' no longer exposing the 'sve-max-vq' property when using KVM. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220204165506.2846058-4-peter.maydell@linaro.org --- target/arm/cpu64.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ void aarch64_add_pauth_properties(Object *obj) } } -#if defined(CONFIG_KVM) || defined(CONFIG_HVF) static void aarch64_host_initfn(Object *obj) { +#if defined(CONFIG_KVM) ARMCPU *cpu = ARM_CPU(obj); - -#ifdef CONFIG_KVM kvm_arm_set_cpu_features_from_host(cpu); if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { aarch64_add_sve_properties(obj); aarch64_add_pauth_properties(obj); } -#else +#elif defined(CONFIG_HVF) + ARMCPU *cpu = ARM_CPU(obj); hvf_arm_set_cpu_features_from_host(cpu); +#else + g_assert_not_reached(); #endif } -#endif /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host); * otherwise, a CPU with as many features enabled as our emulation supports. @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) ARMCPU *cpu = ARM_CPU(obj); if (kvm_enabled()) { - kvm_arm_set_cpu_features_from_host(cpu); + /* With KVM, '-cpu max' is identical to '-cpu host' */ + aarch64_host_initfn(obj); + return; } else { uint64_t t; uint32_t u; -- 2.25.1 Now that the if() branch of the condition in aarch64_max_initfn() returns early, we don't need to keep the rest of the code in the function inside an else block. Remove the else, unindenting that code. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220204165506.2846058-5-peter.maydell@linaro.org --- target/arm/cpu64.c | 289 +++++++++++++++++++++++---------------------- 1 file changed, 146 insertions(+), 143 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_host_initfn(Object *obj) static void aarch64_max_initfn(Object *obj) { ARMCPU *cpu = ARM_CPU(obj); + uint64_t t; + uint32_t u; if (kvm_enabled()) { /* With KVM, '-cpu max' is identical to '-cpu host' */ aarch64_host_initfn(obj); return; - } else { - uint64_t t; - uint32_t u; - aarch64_a57_initfn(obj); + } - /* - * Reset MIDR so the guest doesn't mistake our 'max' CPU type for a real - * one and try to apply errata workarounds or use impdef features we - * don't provide. - * An IMPLEMENTER field of 0 means "reserved for software use"; - * ARCHITECTURE must be 0xf indicating "v7 or later, check ID registers - * to see which features are present"; - * the VARIANT, PARTNUM and REVISION fields are all implementation - * defined and we choose to define PARTNUM just in case guest - * code needs to distinguish this QEMU CPU from other software - * implementations, though this shouldn't be needed. - */ - t = FIELD_DP64(0, MIDR_EL1, IMPLEMENTER, 0); - t = FIELD_DP64(t, MIDR_EL1, ARCHITECTURE, 0xf); - t = FIELD_DP64(t, MIDR_EL1, PARTNUM, 'Q'); - t = FIELD_DP64(t, MIDR_EL1, VARIANT, 0); - t = FIELD_DP64(t, MIDR_EL1, REVISION, 0); - cpu->midr = t; + /* '-cpu max' for TCG: we currently do this as "A57 with extra things" */ - t = cpu->isar.id_aa64isar0; - t = FIELD_DP64(t, ID_AA64ISAR0, AES, 2); /* AES + PMULL */ - t = FIELD_DP64(t, ID_AA64ISAR0, SHA1, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, SHA2, 2); /* SHA512 */ - t = FIELD_DP64(t, ID_AA64ISAR0, CRC32, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, ATOMIC, 2); - t = FIELD_DP64(t, ID_AA64ISAR0, RDM, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, SHA3, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, SM3, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, SM4, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */ - t = FIELD_DP64(t, ID_AA64ISAR0, TLB, 2); /* FEAT_TLBIRANGE */ - t = FIELD_DP64(t, ID_AA64ISAR0, RNDR, 1); - cpu->isar.id_aa64isar0 = t; + aarch64_a57_initfn(obj); - t = cpu->isar.id_aa64isar1; - t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2); - t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, BF16, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, FRINTTS, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, LRCPC, 2); /* ARMv8.4-RCPC */ - t = FIELD_DP64(t, ID_AA64ISAR1, I8MM, 1); - cpu->isar.id_aa64isar1 = t; + /* + * Reset MIDR so the guest doesn't mistake our 'max' CPU type for a real + * one and try to apply errata workarounds or use impdef features we + * don't provide. + * An IMPLEMENTER field of 0 means "reserved for software use"; + * ARCHITECTURE must be 0xf indicating "v7 or later, check ID registers + * to see which features are present"; + * the VARIANT, PARTNUM and REVISION fields are all implementation + * defined and we choose to define PARTNUM just in case guest + * code needs to distinguish this QEMU CPU from other software + * implementations, though this shouldn't be needed. + */ + t = FIELD_DP64(0, MIDR_EL1, IMPLEMENTER, 0); + t = FIELD_DP64(t, MIDR_EL1, ARCHITECTURE, 0xf); + t = FIELD_DP64(t, MIDR_EL1, PARTNUM, 'Q'); + t = FIELD_DP64(t, MIDR_EL1, VARIANT, 0); + t = FIELD_DP64(t, MIDR_EL1, REVISION, 0); + cpu->midr = t; - t = cpu->isar.id_aa64pfr0; - t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1); - t = FIELD_DP64(t, ID_AA64PFR0, FP, 1); - t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1); - t = FIELD_DP64(t, ID_AA64PFR0, SEL2, 1); - t = FIELD_DP64(t, ID_AA64PFR0, DIT, 1); - cpu->isar.id_aa64pfr0 = t; + t = cpu->isar.id_aa64isar0; + t = FIELD_DP64(t, ID_AA64ISAR0, AES, 2); /* AES + PMULL */ + t = FIELD_DP64(t, ID_AA64ISAR0, SHA1, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, SHA2, 2); /* SHA512 */ + t = FIELD_DP64(t, ID_AA64ISAR0, CRC32, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, ATOMIC, 2); + t = FIELD_DP64(t, ID_AA64ISAR0, RDM, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, SHA3, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, SM3, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, SM4, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */ + t = FIELD_DP64(t, ID_AA64ISAR0, TLB, 2); /* FEAT_TLBIRANGE */ + t = FIELD_DP64(t, ID_AA64ISAR0, RNDR, 1); + cpu->isar.id_aa64isar0 = t; - t = cpu->isar.id_aa64pfr1; - t = FIELD_DP64(t, ID_AA64PFR1, BT, 1); - t = FIELD_DP64(t, ID_AA64PFR1, SSBS, 2); - /* - * Begin with full support for MTE. This will be downgraded to MTE=0 - * during realize if the board provides no tag memory, much like - * we do for EL2 with the virtualization=on property. - */ - t = FIELD_DP64(t, ID_AA64PFR1, MTE, 3); - cpu->isar.id_aa64pfr1 = t; + t = cpu->isar.id_aa64isar1; + t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2); + t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, BF16, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, FRINTTS, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, LRCPC, 2); /* ARMv8.4-RCPC */ + t = FIELD_DP64(t, ID_AA64ISAR1, I8MM, 1); + cpu->isar.id_aa64isar1 = t; - t = cpu->isar.id_aa64mmfr0; - t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */ - cpu->isar.id_aa64mmfr0 = t; + t = cpu->isar.id_aa64pfr0; + t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1); + t = FIELD_DP64(t, ID_AA64PFR0, FP, 1); + t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1); + t = FIELD_DP64(t, ID_AA64PFR0, SEL2, 1); + t = FIELD_DP64(t, ID_AA64PFR0, DIT, 1); + cpu->isar.id_aa64pfr0 = t; - t = cpu->isar.id_aa64mmfr1; - t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */ - t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1); - t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1); - t = FIELD_DP64(t, ID_AA64MMFR1, PAN, 2); /* ATS1E1 */ - t = FIELD_DP64(t, ID_AA64MMFR1, VMIDBITS, 2); /* VMID16 */ - t = FIELD_DP64(t, ID_AA64MMFR1, XNX, 1); /* TTS2UXN */ - cpu->isar.id_aa64mmfr1 = t; + t = cpu->isar.id_aa64pfr1; + t = FIELD_DP64(t, ID_AA64PFR1, BT, 1); + t = FIELD_DP64(t, ID_AA64PFR1, SSBS, 2); + /* + * Begin with full support for MTE. This will be downgraded to MTE=0 + * during realize if the board provides no tag memory, much like + * we do for EL2 with the virtualization=on property. + */ + t = FIELD_DP64(t, ID_AA64PFR1, MTE, 3); + cpu->isar.id_aa64pfr1 = t; - t = cpu->isar.id_aa64mmfr2; - t = FIELD_DP64(t, ID_AA64MMFR2, UAO, 1); - t = FIELD_DP64(t, ID_AA64MMFR2, CNP, 1); /* TTCNP */ - t = FIELD_DP64(t, ID_AA64MMFR2, ST, 1); /* TTST */ - cpu->isar.id_aa64mmfr2 = t; + t = cpu->isar.id_aa64mmfr0; + t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */ + cpu->isar.id_aa64mmfr0 = t; - t = cpu->isar.id_aa64zfr0; - t = FIELD_DP64(t, ID_AA64ZFR0, SVEVER, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, AES, 2); /* PMULL */ - t = FIELD_DP64(t, ID_AA64ZFR0, BITPERM, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, BFLOAT16, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, SHA3, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, SM4, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, I8MM, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, F32MM, 1); - t = FIELD_DP64(t, ID_AA64ZFR0, F64MM, 1); - cpu->isar.id_aa64zfr0 = t; + t = cpu->isar.id_aa64mmfr1; + t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */ + t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1); + t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1); + t = FIELD_DP64(t, ID_AA64MMFR1, PAN, 2); /* ATS1E1 */ + t = FIELD_DP64(t, ID_AA64MMFR1, VMIDBITS, 2); /* VMID16 */ + t = FIELD_DP64(t, ID_AA64MMFR1, XNX, 1); /* TTS2UXN */ + cpu->isar.id_aa64mmfr1 = t; - /* Replicate the same data to the 32-bit id registers. */ - u = cpu->isar.id_isar5; - u = FIELD_DP32(u, ID_ISAR5, AES, 2); /* AES + PMULL */ - u = FIELD_DP32(u, ID_ISAR5, SHA1, 1); - u = FIELD_DP32(u, ID_ISAR5, SHA2, 1); - u = FIELD_DP32(u, ID_ISAR5, CRC32, 1); - u = FIELD_DP32(u, ID_ISAR5, RDM, 1); - u = FIELD_DP32(u, ID_ISAR5, VCMA, 1); - cpu->isar.id_isar5 = u; + t = cpu->isar.id_aa64mmfr2; + t = FIELD_DP64(t, ID_AA64MMFR2, UAO, 1); + t = FIELD_DP64(t, ID_AA64MMFR2, CNP, 1); /* TTCNP */ + t = FIELD_DP64(t, ID_AA64MMFR2, ST, 1); /* TTST */ + cpu->isar.id_aa64mmfr2 = t; - u = cpu->isar.id_isar6; - u = FIELD_DP32(u, ID_ISAR6, JSCVT, 1); - u = FIELD_DP32(u, ID_ISAR6, DP, 1); - u = FIELD_DP32(u, ID_ISAR6, FHM, 1); - u = FIELD_DP32(u, ID_ISAR6, SB, 1); - u = FIELD_DP32(u, ID_ISAR6, SPECRES, 1); - u = FIELD_DP32(u, ID_ISAR6, BF16, 1); - u = FIELD_DP32(u, ID_ISAR6, I8MM, 1); - cpu->isar.id_isar6 = u; + t = cpu->isar.id_aa64zfr0; + t = FIELD_DP64(t, ID_AA64ZFR0, SVEVER, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, AES, 2); /* PMULL */ + t = FIELD_DP64(t, ID_AA64ZFR0, BITPERM, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, BFLOAT16, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, SHA3, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, SM4, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, I8MM, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, F32MM, 1); + t = FIELD_DP64(t, ID_AA64ZFR0, F64MM, 1); + cpu->isar.id_aa64zfr0 = t; - u = cpu->isar.id_pfr0; - u = FIELD_DP32(u, ID_PFR0, DIT, 1); - cpu->isar.id_pfr0 = u; + /* Replicate the same data to the 32-bit id registers. */ + u = cpu->isar.id_isar5; + u = FIELD_DP32(u, ID_ISAR5, AES, 2); /* AES + PMULL */ + u = FIELD_DP32(u, ID_ISAR5, SHA1, 1); + u = FIELD_DP32(u, ID_ISAR5, SHA2, 1); + u = FIELD_DP32(u, ID_ISAR5, CRC32, 1); + u = FIELD_DP32(u, ID_ISAR5, RDM, 1); + u = FIELD_DP32(u, ID_ISAR5, VCMA, 1); + cpu->isar.id_isar5 = u; - u = cpu->isar.id_pfr2; - u = FIELD_DP32(u, ID_PFR2, SSBS, 1); - cpu->isar.id_pfr2 = u; + u = cpu->isar.id_isar6; + u = FIELD_DP32(u, ID_ISAR6, JSCVT, 1); + u = FIELD_DP32(u, ID_ISAR6, DP, 1); + u = FIELD_DP32(u, ID_ISAR6, FHM, 1); + u = FIELD_DP32(u, ID_ISAR6, SB, 1); + u = FIELD_DP32(u, ID_ISAR6, SPECRES, 1); + u = FIELD_DP32(u, ID_ISAR6, BF16, 1); + u = FIELD_DP32(u, ID_ISAR6, I8MM, 1); + cpu->isar.id_isar6 = u; - u = cpu->isar.id_mmfr3; - u = FIELD_DP32(u, ID_MMFR3, PAN, 2); /* ATS1E1 */ - cpu->isar.id_mmfr3 = u; + u = cpu->isar.id_pfr0; + u = FIELD_DP32(u, ID_PFR0, DIT, 1); + cpu->isar.id_pfr0 = u; - u = cpu->isar.id_mmfr4; - u = FIELD_DP32(u, ID_MMFR4, HPDS, 1); /* AA32HPD */ - u = FIELD_DP32(u, ID_MMFR4, AC2, 1); /* ACTLR2, HACTLR2 */ - u = FIELD_DP32(u, ID_MMFR4, CNP, 1); /* TTCNP */ - u = FIELD_DP32(u, ID_MMFR4, XNX, 1); /* TTS2UXN */ - cpu->isar.id_mmfr4 = u; + u = cpu->isar.id_pfr2; + u = FIELD_DP32(u, ID_PFR2, SSBS, 1); + cpu->isar.id_pfr2 = u; - t = cpu->isar.id_aa64dfr0; - t = FIELD_DP64(t, ID_AA64DFR0, PMUVER, 5); /* v8.4-PMU */ - cpu->isar.id_aa64dfr0 = t; + u = cpu->isar.id_mmfr3; + u = FIELD_DP32(u, ID_MMFR3, PAN, 2); /* ATS1E1 */ + cpu->isar.id_mmfr3 = u; - u = cpu->isar.id_dfr0; - u = FIELD_DP32(u, ID_DFR0, PERFMON, 5); /* v8.4-PMU */ - cpu->isar.id_dfr0 = u; + u = cpu->isar.id_mmfr4; + u = FIELD_DP32(u, ID_MMFR4, HPDS, 1); /* AA32HPD */ + u = FIELD_DP32(u, ID_MMFR4, AC2, 1); /* ACTLR2, HACTLR2 */ + u = FIELD_DP32(u, ID_MMFR4, CNP, 1); /* TTCNP */ + u = FIELD_DP32(u, ID_MMFR4, XNX, 1); /* TTS2UXN */ + cpu->isar.id_mmfr4 = u; - u = cpu->isar.mvfr1; - u = FIELD_DP32(u, MVFR1, FPHP, 3); /* v8.2-FP16 */ - u = FIELD_DP32(u, MVFR1, SIMDHP, 2); /* v8.2-FP16 */ - cpu->isar.mvfr1 = u; + t = cpu->isar.id_aa64dfr0; + t = FIELD_DP64(t, ID_AA64DFR0, PMUVER, 5); /* v8.4-PMU */ + cpu->isar.id_aa64dfr0 = t; + + u = cpu->isar.id_dfr0; + u = FIELD_DP32(u, ID_DFR0, PERFMON, 5); /* v8.4-PMU */ + cpu->isar.id_dfr0 = u; + + u = cpu->isar.mvfr1; + u = FIELD_DP32(u, MVFR1, FPHP, 3); /* v8.2-FP16 */ + u = FIELD_DP32(u, MVFR1, SIMDHP, 2); /* v8.2-FP16 */ + cpu->isar.mvfr1 = u; #ifdef CONFIG_USER_ONLY - /* For usermode -cpu max we can use a larger and more efficient DCZ - * blocksize since we don't have to follow what the hardware does. - */ - cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache */ - cpu->dcz_blocksize = 7; /* 512 bytes */ + /* + * For usermode -cpu max we can use a larger and more efficient DCZ + * blocksize since we don't have to follow what the hardware does. + */ + cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache */ + cpu->dcz_blocksize = 7; /* 512 bytes */ #endif - bitmap_fill(cpu->sve_vq_supported, ARM_MAX_VQ); - } + bitmap_fill(cpu->sve_vq_supported, ARM_MAX_VQ); aarch64_add_pauth_properties(obj); aarch64_add_sve_properties(obj); -- 2.25.1 Currently when using hvf we mishandle '-cpu max': we fall through to the TCG version of its initfn, which then sets a lot of feature bits that the real host CPU doesn't have. The hvf accelerator code then exposes these bogus ID register values to the guest because it doesn't check that the host really has the features. Make '-cpu host' be like '-cpu max' for hvf, as we do with kvm. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220204165506.2846058-6-peter.maydell@linaro.org --- target/arm/cpu64.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ #include "hw/loader.h" #endif #include "sysemu/kvm.h" +#include "sysemu/hvf.h" #include "kvm_arm.h" #include "hvf_arm.h" #include "qapi/visitor.h" @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) uint64_t t; uint32_t u; - if (kvm_enabled()) { - /* With KVM, '-cpu max' is identical to '-cpu host' */ + if (kvm_enabled() || hvf_enabled()) { + /* With KVM or HVF, '-cpu max' is identical to '-cpu host' */ aarch64_host_initfn(obj); return; } -- 2.25.1 Currently we don't allow guests under hvf to use the PAuth extension, because we didn't have any special code to handle that, and therefore in arm_cpu_pauth_finalize() we will sanitize the ID_AA64ISAR1 value the guest sees to clear the PAuth related fields. Add support for this in the same way that KVM does it, by defaulting to "PAuth enabled" if the host CPU has it and allowing the user to disable it via '-cpu pauth=no' on the command line. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220204165506.2846058-7-peter.maydell@linaro.org --- target/arm/cpu64.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) uint64_t t; /* Exit early if PAuth is enabled, and fall through to disable it */ - if (kvm_enabled() && cpu->prop_pauth) { + if ((kvm_enabled() || hvf_enabled()) && cpu->prop_pauth) { if (!cpu_isar_feature(aa64_pauth, cpu)) { - error_setg(errp, "'pauth' feature not supported by KVM on this host"); + error_setg(errp, "'pauth' feature not supported by %s on this host", + kvm_enabled() ? "KVM" : "hvf"); } return; @@ -XXX,XX +XXX,XX @@ void aarch64_add_pauth_properties(Object *obj) /* Default to PAUTH on, with the architected algorithm on TCG. */ qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); - if (kvm_enabled()) { + if (kvm_enabled() || hvf_enabled()) { /* * Mirror PAuth support from the probed sysregs back into the - * property for KVM. Is it just a bit backward? Yes it is! + * property for KVM or hvf. Is it just a bit backward? Yes it is! + * Note that prop_pauth is true whether the host CPU supports the + * architected QARMA5 algorithm or the IMPDEF one. We don't + * provide the separate pauth-impdef property for KVM or hvf, + * only for TCG. */ cpu->prop_pauth = cpu_isar_feature(aa64_pauth, cpu); } else { @@ -XXX,XX +XXX,XX @@ static void aarch64_host_initfn(Object *obj) #elif defined(CONFIG_HVF) ARMCPU *cpu = ARM_CPU(obj); hvf_arm_set_cpu_features_from_host(cpu); + aarch64_add_pauth_properties(obj); #else g_assert_not_reached(); #endif -- 2.25.1 Currently there is no way for a board model's Kconfig stanza to say "I have an i2c bus which the user can plug an i2c device into, build all the free-standing i2c devices". The Kconfig mechanism for this is the "device group". Add an I2C_DEVICES group along the same lines as the existing PCI_DEVICES. Simple free-standing i2c devices which a user might plausibly want to be able to plug in on the QEMU commandline should have default y if I2C_DEVICES and board models which have an i2c bus that is user-accessible should use imply I2C_DEVICES to cause those pluggable devices to be built. In this commit we mark only a fairly conservative set of i2c devices as belonging to the I2C_DEVICES group: the simple sensors and RTCs (not including PMBus devices or devices which need GPIO lines to be connected). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Hao Wu <wuhaotsh@google.com> Message-id: 20220208155911.3408455-2-peter.maydell@linaro.org --- docs/devel/kconfig.rst | 8 ++++++-- hw/i2c/Kconfig | 5 +++++ hw/rtc/Kconfig | 2 ++ hw/sensor/Kconfig | 5 +++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/devel/kconfig.rst b/docs/devel/kconfig.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/devel/kconfig.rst +++ b/docs/devel/kconfig.rst @@ -XXX,XX +XXX,XX @@ declares its dependencies in different ways: no directive and are not used in the Makefile either; they only appear as conditions for ``default y`` directives. - QEMU currently has two device groups, ``PCI_DEVICES`` and - ``TEST_DEVICES``. PCI devices usually have a ``default y if + QEMU currently has three device groups, ``PCI_DEVICES``, ``I2C_DEVICES``, + and ``TEST_DEVICES``. PCI devices usually have a ``default y if PCI_DEVICES`` directive rather than just ``default y``. This lets some boards (notably s390) easily support a subset of PCI devices, for example only VFIO (passthrough) and virtio-pci devices. + ``I2C_DEVICES`` is similar to ``PCI_DEVICES``. It contains i2c devices + that users might reasonably want to plug in to an i2c bus on any + board (and not ones which are very board-specific or that need + to be wired up in a way that can't be done on the command line). ``TEST_DEVICES`` instead is used for devices that are rarely used on production virtual machines, but provide useful hooks to test QEMU or KVM. diff --git a/hw/i2c/Kconfig b/hw/i2c/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/hw/i2c/Kconfig +++ b/hw/i2c/Kconfig @@ -XXX,XX +XXX,XX @@ config I2C bool +config I2C_DEVICES + # Device group for i2c devices which can reasonably be user-plugged + # to any board's i2c bus + bool + config SMBUS bool select I2C diff --git a/hw/rtc/Kconfig b/hw/rtc/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/hw/rtc/Kconfig +++ b/hw/rtc/Kconfig @@ -XXX,XX +XXX,XX @@ config DS1338 bool depends on I2C + default y if I2C_DEVICES config M41T80 bool depends on I2C + default y if I2C_DEVICES config M48T59 bool diff --git a/hw/sensor/Kconfig b/hw/sensor/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/hw/sensor/Kconfig +++ b/hw/sensor/Kconfig @@ -XXX,XX +XXX,XX @@ config TMP105 bool depends on I2C + default y if I2C_DEVICES config TMP421 bool depends on I2C + default y if I2C_DEVICES config DPS310 bool depends on I2C + default y if I2C_DEVICES config EMC141X bool depends on I2C + default y if I2C_DEVICES config ADM1272 bool @@ -XXX,XX +XXX,XX @@ config MAX34451 config LSM303DLHC_MAG bool depends on I2C + default y if I2C_DEVICES -- 2.25.1 For arm boards with an i2c bus which a user could reasonably want to plug arbitrary devices, add 'imply I2C_DEVICES' to the Kconfig stanza. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Hao Wu <wuhaotsh@google.com> Message-id: 20220208155911.3408455-3-peter.maydell@linaro.org --- hw/arm/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -XXX,XX +XXX,XX @@ config DIGIC config EXYNOS4 bool + imply I2C_DEVICES select A9MPCORE select I2C select LAN9118 @@ -XXX,XX +XXX,XX @@ config REALVIEW bool imply PCI_DEVICES imply PCI_TESTDEV + imply I2C_DEVICES select SMC91C111 select LAN9118 select A9MPCORE @@ -XXX,XX +XXX,XX @@ config SABRELITE config STELLARIS bool + imply I2C_DEVICES select ARM_V7M select CMSDK_APB_WATCHDOG select I2C @@ -XXX,XX +XXX,XX @@ config NPCM7XX config FSL_IMX25 bool + imply I2C_DEVICES select IMX select IMX_FEC select IMX_I2C @@ -XXX,XX +XXX,XX @@ config FSL_IMX25 config FSL_IMX31 bool + imply I2C_DEVICES select SERIAL select IMX select IMX_I2C @@ -XXX,XX +XXX,XX @@ config FSL_IMX31 config FSL_IMX6 bool + imply I2C_DEVICES select A9MPCORE select IMX select IMX_FEC @@ -XXX,XX +XXX,XX @@ config ASPEED_SOC config MPS2 bool + imply I2C_DEVICES select ARMSSE select LAN9118 select MPS2_FPGAIO @@ -XXX,XX +XXX,XX @@ config FSL_IMX7 bool imply PCI_DEVICES imply TEST_DEVICES + imply I2C_DEVICES select A15MPCORE select PCI select IMX @@ -XXX,XX +XXX,XX @@ config ARM_SMMUV3 config FSL_IMX6UL bool + imply I2C_DEVICES select A15MPCORE select IMX select IMX_FEC @@ -XXX,XX +XXX,XX @@ config MICROBIT config NRF51_SOC bool + imply I2C_DEVICES select I2C select ARM_V7M select UNIMP -- 2.25.1 In the armv7m object, handle clock inputs that aren't connected. This is always an error for 'cpuclk'. For 'refclk' it is OK for this to be disconnected, but we need to handle it by not trying to connect a sourceless-clock to the systick device. This fixes a bug where on the mps2-an521 and similar boards (which do not have a refclk) the systick device incorrectly reset with SYST_CSR.CLKSOURCE 0 ("use refclk") rather than 1 ("use CPU clock"). Cc: qemu-stable@nongnu.org Reported-by: Richard Petri <git@rpls.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208171643.3486277-1-peter.maydell@linaro.org --- hw/arm/armv7m.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armv7m.c +++ b/hw/arm/armv7m.c @@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp) return; } + /* cpuclk must be connected; refclk is optional */ + if (!clock_has_source(s->cpuclk)) { + error_setg(errp, "armv7m: cpuclk must be connected"); + return; + } + memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1); s->cpu = ARM_CPU(object_new_with_props(s->cpu_type, OBJECT(s), "cpu", @@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp) &s->sysreg_ns_mem); } - /* Create and map the systick devices */ - qdev_connect_clock_in(DEVICE(&s->systick[M_REG_NS]), "refclk", s->refclk); + /* + * Create and map the systick devices. Note that we only connect + * refclk if it has been connected to us; otherwise the systick + * device gets the wrong answer for clock_has_source(refclk), because + * it has an immediate source (the ARMv7M's clock object) but not + * an ultimate source, and then it won't correctly auto-select the + * CPU clock as its only possible clock source. + */ + if (clock_has_source(s->refclk)) { + qdev_connect_clock_in(DEVICE(&s->systick[M_REG_NS]), "refclk", + s->refclk); + } qdev_connect_clock_in(DEVICE(&s->systick[M_REG_NS]), "cpuclk", s->cpuclk); if (!sysbus_realize(SYS_BUS_DEVICE(&s->systick[M_REG_NS]), errp)) { return; @@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp) */ object_initialize_child(OBJECT(dev), "systick-reg-s", &s->systick[M_REG_S], TYPE_SYSTICK); - qdev_connect_clock_in(DEVICE(&s->systick[M_REG_S]), "refclk", - s->refclk); + if (clock_has_source(s->refclk)) { + qdev_connect_clock_in(DEVICE(&s->systick[M_REG_S]), "refclk", + s->refclk); + } qdev_connect_clock_in(DEVICE(&s->systick[M_REG_S]), "cpuclk", s->cpuclk); -- 2.25.1 The function qemu_madvise() and the QEMU_MADV_* constants associated with it are used in only 10 files. Move them out of osdep.h to a new qemu/madvise.h header that is included where it is needed. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-2-peter.maydell@linaro.org --- include/qemu/madvise.h | 95 ++++++++++++++++++++++++++++++++++++++ include/qemu/osdep.h | 82 -------------------------------- backends/hostmem-file.c | 1 + backends/hostmem.c | 1 + hw/virtio/virtio-balloon.c | 1 + migration/postcopy-ram.c | 1 + migration/qemu-file.c | 1 + migration/ram.c | 1 + softmmu/physmem.c | 1 + tcg/region.c | 1 + util/osdep.c | 1 + util/oslib-posix.c | 1 + 12 files changed, 105 insertions(+), 82 deletions(-) create mode 100644 include/qemu/madvise.h diff --git a/include/qemu/madvise.h b/include/qemu/madvise.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/include/qemu/madvise.h @@ -XXX,XX +XXX,XX @@ +/* + * QEMU madvise wrapper functions + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef QEMU_MADVISE_H +#define QEMU_MADVISE_H + +#define QEMU_MADV_INVALID -1 + +#if defined(CONFIG_MADVISE) + +#define QEMU_MADV_WILLNEED MADV_WILLNEED +#define QEMU_MADV_DONTNEED MADV_DONTNEED +#ifdef MADV_DONTFORK +#define QEMU_MADV_DONTFORK MADV_DONTFORK +#else +#define QEMU_MADV_DONTFORK QEMU_MADV_INVALID +#endif +#ifdef MADV_MERGEABLE +#define QEMU_MADV_MERGEABLE MADV_MERGEABLE +#else +#define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID +#endif +#ifdef MADV_UNMERGEABLE +#define QEMU_MADV_UNMERGEABLE MADV_UNMERGEABLE +#else +#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID +#endif +#ifdef MADV_DODUMP +#define QEMU_MADV_DODUMP MADV_DODUMP +#else +#define QEMU_MADV_DODUMP QEMU_MADV_INVALID +#endif +#ifdef MADV_DONTDUMP +#define QEMU_MADV_DONTDUMP MADV_DONTDUMP +#else +#define QEMU_MADV_DONTDUMP QEMU_MADV_INVALID +#endif +#ifdef MADV_HUGEPAGE +#define QEMU_MADV_HUGEPAGE MADV_HUGEPAGE +#else +#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID +#endif +#ifdef MADV_NOHUGEPAGE +#define QEMU_MADV_NOHUGEPAGE MADV_NOHUGEPAGE +#else +#define QEMU_MADV_NOHUGEPAGE QEMU_MADV_INVALID +#endif +#ifdef MADV_REMOVE +#define QEMU_MADV_REMOVE MADV_REMOVE +#else +#define QEMU_MADV_REMOVE QEMU_MADV_DONTNEED +#endif +#ifdef MADV_POPULATE_WRITE +#define QEMU_MADV_POPULATE_WRITE MADV_POPULATE_WRITE +#else +#define QEMU_MADV_POPULATE_WRITE QEMU_MADV_INVALID +#endif + +#elif defined(CONFIG_POSIX_MADVISE) + +#define QEMU_MADV_WILLNEED POSIX_MADV_WILLNEED +#define QEMU_MADV_DONTNEED POSIX_MADV_DONTNEED +#define QEMU_MADV_DONTFORK QEMU_MADV_INVALID +#define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID +#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID +#define QEMU_MADV_DODUMP QEMU_MADV_INVALID +#define QEMU_MADV_DONTDUMP QEMU_MADV_INVALID +#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID +#define QEMU_MADV_NOHUGEPAGE QEMU_MADV_INVALID +#define QEMU_MADV_REMOVE QEMU_MADV_DONTNEED +#define QEMU_MADV_POPULATE_WRITE QEMU_MADV_INVALID + +#else /* no-op */ + +#define QEMU_MADV_WILLNEED QEMU_MADV_INVALID +#define QEMU_MADV_DONTNEED QEMU_MADV_INVALID +#define QEMU_MADV_DONTFORK QEMU_MADV_INVALID +#define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID +#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID +#define QEMU_MADV_DODUMP QEMU_MADV_INVALID +#define QEMU_MADV_DONTDUMP QEMU_MADV_INVALID +#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID +#define QEMU_MADV_NOHUGEPAGE QEMU_MADV_INVALID +#define QEMU_MADV_REMOVE QEMU_MADV_INVALID +#define QEMU_MADV_POPULATE_WRITE QEMU_MADV_INVALID + +#endif + +int qemu_madvise(void *addr, size_t len, int advice); + +#endif diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index XXXXXXX..XXXXXXX 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -XXX,XX +XXX,XX @@ static inline void qemu_cleanup_generic_vfree(void *p) #define QEMU_MAP_NORESERVE (1 << 3) -#define QEMU_MADV_INVALID -1 - -#if defined(CONFIG_MADVISE) - -#define QEMU_MADV_WILLNEED MADV_WILLNEED -#define QEMU_MADV_DONTNEED MADV_DONTNEED -#ifdef MADV_DONTFORK -#define QEMU_MADV_DONTFORK MADV_DONTFORK -#else -#define QEMU_MADV_DONTFORK QEMU_MADV_INVALID -#endif -#ifdef MADV_MERGEABLE -#define QEMU_MADV_MERGEABLE MADV_MERGEABLE -#else -#define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID -#endif -#ifdef MADV_UNMERGEABLE -#define QEMU_MADV_UNMERGEABLE MADV_UNMERGEABLE -#else -#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID -#endif -#ifdef MADV_DODUMP -#define QEMU_MADV_DODUMP MADV_DODUMP -#else -#define QEMU_MADV_DODUMP QEMU_MADV_INVALID -#endif -#ifdef MADV_DONTDUMP -#define QEMU_MADV_DONTDUMP MADV_DONTDUMP -#else -#define QEMU_MADV_DONTDUMP QEMU_MADV_INVALID -#endif -#ifdef MADV_HUGEPAGE -#define QEMU_MADV_HUGEPAGE MADV_HUGEPAGE -#else -#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID -#endif -#ifdef MADV_NOHUGEPAGE -#define QEMU_MADV_NOHUGEPAGE MADV_NOHUGEPAGE -#else -#define QEMU_MADV_NOHUGEPAGE QEMU_MADV_INVALID -#endif -#ifdef MADV_REMOVE -#define QEMU_MADV_REMOVE MADV_REMOVE -#else -#define QEMU_MADV_REMOVE QEMU_MADV_DONTNEED -#endif -#ifdef MADV_POPULATE_WRITE -#define QEMU_MADV_POPULATE_WRITE MADV_POPULATE_WRITE -#else -#define QEMU_MADV_POPULATE_WRITE QEMU_MADV_INVALID -#endif - -#elif defined(CONFIG_POSIX_MADVISE) - -#define QEMU_MADV_WILLNEED POSIX_MADV_WILLNEED -#define QEMU_MADV_DONTNEED POSIX_MADV_DONTNEED -#define QEMU_MADV_DONTFORK QEMU_MADV_INVALID -#define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID -#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID -#define QEMU_MADV_DODUMP QEMU_MADV_INVALID -#define QEMU_MADV_DONTDUMP QEMU_MADV_INVALID -#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID -#define QEMU_MADV_NOHUGEPAGE QEMU_MADV_INVALID -#define QEMU_MADV_REMOVE QEMU_MADV_DONTNEED -#define QEMU_MADV_POPULATE_WRITE QEMU_MADV_INVALID - -#else /* no-op */ - -#define QEMU_MADV_WILLNEED QEMU_MADV_INVALID -#define QEMU_MADV_DONTNEED QEMU_MADV_INVALID -#define QEMU_MADV_DONTFORK QEMU_MADV_INVALID -#define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID -#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID -#define QEMU_MADV_DODUMP QEMU_MADV_INVALID -#define QEMU_MADV_DONTDUMP QEMU_MADV_INVALID -#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID -#define QEMU_MADV_NOHUGEPAGE QEMU_MADV_INVALID -#define QEMU_MADV_REMOVE QEMU_MADV_INVALID -#define QEMU_MADV_POPULATE_WRITE QEMU_MADV_INVALID - -#endif #ifdef _WIN32 #define HAVE_CHARDEV_SERIAL 1 @@ -XXX,XX +XXX,XX @@ void sigaction_invoke(struct sigaction *action, struct qemu_signalfd_siginfo *info); #endif -int qemu_madvise(void *addr, size_t len, int advice); int qemu_mprotect_rw(void *addr, size_t size); int qemu_mprotect_rwx(void *addr, size_t size); int qemu_mprotect_none(void *addr, size_t size); diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c index XXXXXXX..XXXXXXX 100644 --- a/backends/hostmem-file.c +++ b/backends/hostmem-file.c @@ -XXX,XX +XXX,XX @@ #include "qapi/error.h" #include "qemu/error-report.h" #include "qemu/module.h" +#include "qemu/madvise.h" #include "sysemu/hostmem.h" #include "qom/object_interfaces.h" #include "qom/object.h" diff --git a/backends/hostmem.c b/backends/hostmem.c index XXXXXXX..XXXXXXX 100644 --- a/backends/hostmem.c +++ b/backends/hostmem.c @@ -XXX,XX +XXX,XX @@ #include "qemu/config-file.h" #include "qom/object_interfaces.h" #include "qemu/mmap-alloc.h" +#include "qemu/madvise.h" #ifdef CONFIG_NUMA #include <numaif.h> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index XXXXXXX..XXXXXXX 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -XXX,XX +XXX,XX @@ #include "qemu/iov.h" #include "qemu/module.h" #include "qemu/timer.h" +#include "qemu/madvise.h" #include "hw/virtio/virtio.h" #include "hw/mem/pc-dimm.h" #include "hw/qdev-properties.h" diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c index XXXXXXX..XXXXXXX 100644 --- a/migration/postcopy-ram.c +++ b/migration/postcopy-ram.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qemu/rcu.h" +#include "qemu/madvise.h" #include "exec/target_page.h" #include "migration.h" #include "qemu-file.h" diff --git a/migration/qemu-file.c b/migration/qemu-file.c index XXXXXXX..XXXXXXX 100644 --- a/migration/qemu-file.c +++ b/migration/qemu-file.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" #include <zlib.h> +#include "qemu/madvise.h" #include "qemu/error-report.h" #include "qemu/iov.h" #include "migration.h" diff --git a/migration/ram.c b/migration/ram.c index XXXXXXX..XXXXXXX 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -XXX,XX +XXX,XX @@ #include "qemu/cutils.h" #include "qemu/bitops.h" #include "qemu/bitmap.h" +#include "qemu/madvise.h" #include "qemu/main-loop.h" #include "xbzrle.h" #include "ram.h" diff --git a/softmmu/physmem.c b/softmmu/physmem.c index XXXXXXX..XXXXXXX 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c @@ -XXX,XX +XXX,XX @@ #include "qemu/cutils.h" #include "qemu/cacheflush.h" +#include "qemu/madvise.h" #ifdef CONFIG_TCG #include "hw/core/tcg-cpu-ops.h" diff --git a/tcg/region.c b/tcg/region.c index XXXXXXX..XXXXXXX 100644 --- a/tcg/region.c +++ b/tcg/region.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qemu/units.h" +#include "qemu/madvise.h" #include "qapi/error.h" #include "exec/exec-all.h" #include "tcg/tcg.h" diff --git a/util/osdep.c b/util/osdep.c index XXXXXXX..XXXXXXX 100644 --- a/util/osdep.c +++ b/util/osdep.c @@ -XXX,XX +XXX,XX @@ extern int madvise(char *, size_t, int); #include "qemu/cutils.h" #include "qemu/sockets.h" #include "qemu/error-report.h" +#include "qemu/madvise.h" #include "monitor/monitor.h" static bool fips_enabled = false; diff --git a/util/oslib-posix.c b/util/oslib-posix.c index XXXXXXX..XXXXXXX 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -XXX,XX +XXX,XX @@ #include "trace.h" #include "qapi/error.h" #include "qemu/error-report.h" +#include "qemu/madvise.h" #include "qemu/sockets.h" #include "qemu/thread.h" #include <libgen.h> -- 2.25.1 The qemu_mprotect_*() family of functions are used in very few files; move them from osdep.h to a new qemu/mprotect.h. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-3-peter.maydell@linaro.org --- include/qemu/mprotect.h | 14 ++++++++++++++ include/qemu/osdep.h | 4 ---- tcg/region.c | 1 + util/osdep.c | 1 + 4 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 include/qemu/mprotect.h diff --git a/include/qemu/mprotect.h b/include/qemu/mprotect.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/include/qemu/mprotect.h @@ -XXX,XX +XXX,XX @@ +/* + * QEMU mprotect functions + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_MPROTECT_H +#define QEMU_MPROTECT_H + +int qemu_mprotect_rw(void *addr, size_t size); +int qemu_mprotect_rwx(void *addr, size_t size); +int qemu_mprotect_none(void *addr, size_t size); + +#endif diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index XXXXXXX..XXXXXXX 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -XXX,XX +XXX,XX @@ void sigaction_invoke(struct sigaction *action, struct qemu_signalfd_siginfo *info); #endif -int qemu_mprotect_rw(void *addr, size_t size); -int qemu_mprotect_rwx(void *addr, size_t size); -int qemu_mprotect_none(void *addr, size_t size); - /* * Don't introduce new usage of this function, prefer the following * qemu_open/qemu_create that take an "Error **errp" diff --git a/tcg/region.c b/tcg/region.c index XXXXXXX..XXXXXXX 100644 --- a/tcg/region.c +++ b/tcg/region.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qemu/units.h" #include "qemu/madvise.h" +#include "qemu/mprotect.h" #include "qapi/error.h" #include "exec/exec-all.h" #include "tcg/tcg.h" diff --git a/util/osdep.c b/util/osdep.c index XXXXXXX..XXXXXXX 100644 --- a/util/osdep.c +++ b/util/osdep.c @@ -XXX,XX +XXX,XX @@ extern int madvise(char *, size_t, int); #include "qemu/sockets.h" #include "qemu/error-report.h" #include "qemu/madvise.h" +#include "qemu/mprotect.h" #include "monitor/monitor.h" static bool fips_enabled = false; -- 2.25.1 The QEMU_MAP_* constants are used only as arguments to the qemu_ram_mmap() function. Move them to mmap-alloc.h, where that function's prototype is defined. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-4-peter.maydell@linaro.org --- include/qemu/mmap-alloc.h | 23 +++++++++++++++++++++++ include/qemu/osdep.h | 25 ------------------------- 2 files changed, 23 insertions(+), 25 deletions(-) diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h index XXXXXXX..XXXXXXX 100644 --- a/include/qemu/mmap-alloc.h +++ b/include/qemu/mmap-alloc.h @@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd, void qemu_ram_munmap(int fd, void *ptr, size_t size); +/* + * Abstraction of PROT_ and MAP_ flags as passed to mmap(), for example, + * consumed by qemu_ram_mmap(). + */ + +/* Map PROT_READ instead of PROT_READ | PROT_WRITE. */ +#define QEMU_MAP_READONLY (1 << 0) + +/* Use MAP_SHARED instead of MAP_PRIVATE. */ +#define QEMU_MAP_SHARED (1 << 1) + +/* + * Use MAP_SYNC | MAP_SHARED_VALIDATE if supported. Ignored without + * QEMU_MAP_SHARED. If mapping fails, warn and fallback to !QEMU_MAP_SYNC. + */ +#define QEMU_MAP_SYNC (1 << 2) + +/* + * Use MAP_NORESERVE to skip reservation of swap space (or huge pages if + * applicable). Bail out if not supported/effective. + */ +#define QEMU_MAP_NORESERVE (1 << 3) + #endif diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index XXXXXXX..XXXXXXX 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -XXX,XX +XXX,XX @@ static inline void qemu_cleanup_generic_vfree(void *p) */ #define QEMU_AUTO_VFREE __attribute__((cleanup(qemu_cleanup_generic_vfree))) -/* - * Abstraction of PROT_ and MAP_ flags as passed to mmap(), for example, - * consumed by qemu_ram_mmap(). - */ - -/* Map PROT_READ instead of PROT_READ | PROT_WRITE. */ -#define QEMU_MAP_READONLY (1 << 0) - -/* Use MAP_SHARED instead of MAP_PRIVATE. */ -#define QEMU_MAP_SHARED (1 << 1) - -/* - * Use MAP_SYNC | MAP_SHARED_VALIDATE if supported. Ignored without - * QEMU_MAP_SHARED. If mapping fails, warn and fallback to !QEMU_MAP_SYNC. - */ -#define QEMU_MAP_SYNC (1 << 2) - -/* - * Use MAP_NORESERVE to skip reservation of swap space (or huge pages if - * applicable). Bail out if not supported/effective. - */ -#define QEMU_MAP_NORESERVE (1 << 3) - - - #ifdef _WIN32 #define HAVE_CHARDEV_SERIAL 1 #elif defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \ -- 2.25.1 The qemu_icache_linesize, qemu_icache_linesize_log, qemu_dcache_linesize, and qemu_dcache_linesize_log variables are not used in many files. Move them out of osdep.h to a new qemu/cacheinfo.h, and document them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-5-peter.maydell@linaro.org --- include/qemu/cacheinfo.h | 21 +++++++++++++++++++++ include/qemu/osdep.h | 5 ----- accel/tcg/translate-all.c | 1 + plugins/loader.c | 1 + tcg/region.c | 1 + tcg/tcg.c | 1 + util/atomic64.c | 1 + util/cacheflush.c | 1 + util/cacheinfo.c | 1 + 9 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 include/qemu/cacheinfo.h diff --git a/include/qemu/cacheinfo.h b/include/qemu/cacheinfo.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/include/qemu/cacheinfo.h @@ -XXX,XX +XXX,XX @@ +/* + * QEMU host cacheinfo information + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_CACHEINFO_H +#define QEMU_CACHEINFO_H + +/* + * These variables represent our best guess at the host icache and + * dcache sizes, expressed both as the size in bytes and as the + * base-2 log of the size in bytes. They are initialized at startup + * (via an attribute 'constructor' function). + */ +extern int qemu_icache_linesize; +extern int qemu_icache_linesize_log; +extern int qemu_dcache_linesize; +extern int qemu_dcache_linesize_log; + +#endif diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index XXXXXXX..XXXXXXX 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -XXX,XX +XXX,XX @@ pid_t qemu_fork(Error **errp); extern uintptr_t qemu_real_host_page_size; extern intptr_t qemu_real_host_page_mask; -extern int qemu_icache_linesize; -extern int qemu_icache_linesize_log; -extern int qemu_dcache_linesize; -extern int qemu_dcache_linesize_log; - /* * After using getopt or getopt_long, if you need to parse another set * of options, then you must reset optind. Unfortunately the way to diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c index XXXXXXX..XXXXXXX 100644 --- a/accel/tcg/translate-all.c +++ b/accel/tcg/translate-all.c @@ -XXX,XX +XXX,XX @@ #include "qemu/qemu-print.h" #include "qemu/timer.h" #include "qemu/main-loop.h" +#include "qemu/cacheinfo.h" #include "exec/log.h" #include "sysemu/cpus.h" #include "sysemu/cpu-timers.h" diff --git a/plugins/loader.c b/plugins/loader.c index XXXXXXX..XXXXXXX 100644 --- a/plugins/loader.c +++ b/plugins/loader.c @@ -XXX,XX +XXX,XX @@ #include "qemu/rcu_queue.h" #include "qemu/qht.h" #include "qemu/bitmap.h" +#include "qemu/cacheinfo.h" #include "qemu/xxhash.h" #include "qemu/plugin.h" #include "hw/core/cpu.h" diff --git a/tcg/region.c b/tcg/region.c index XXXXXXX..XXXXXXX 100644 --- a/tcg/region.c +++ b/tcg/region.c @@ -XXX,XX +XXX,XX @@ #include "qemu/units.h" #include "qemu/madvise.h" #include "qemu/mprotect.h" +#include "qemu/cacheinfo.h" #include "qapi/error.h" #include "exec/exec-all.h" #include "tcg/tcg.h" diff --git a/tcg/tcg.c b/tcg/tcg.c index XXXXXXX..XXXXXXX 100644 --- a/tcg/tcg.c +++ b/tcg/tcg.c @@ -XXX,XX +XXX,XX @@ #include "qemu/qemu-print.h" #include "qemu/timer.h" #include "qemu/cacheflush.h" +#include "qemu/cacheinfo.h" /* Note: the long term plan is to reduce the dependencies on the QEMU CPU definitions. Currently they are used for qemu_ld/st diff --git a/util/atomic64.c b/util/atomic64.c index XXXXXXX..XXXXXXX 100644 --- a/util/atomic64.c +++ b/util/atomic64.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qemu/atomic.h" #include "qemu/thread.h" +#include "qemu/cacheinfo.h" #ifdef CONFIG_ATOMIC64 #error This file must only be compiled if !CONFIG_ATOMIC64 diff --git a/util/cacheflush.c b/util/cacheflush.c index XXXXXXX..XXXXXXX 100644 --- a/util/cacheflush.c +++ b/util/cacheflush.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qemu/cacheflush.h" +#include "qemu/cacheinfo.h" #include "qemu/bitops.h" diff --git a/util/cacheinfo.c b/util/cacheinfo.c index XXXXXXX..XXXXXXX 100644 --- a/util/cacheinfo.c +++ b/util/cacheinfo.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qemu/host-utils.h" #include "qemu/atomic.h" +#include "qemu/cacheinfo.h" int qemu_icache_linesize = 0; int qemu_icache_linesize_log; -- 2.25.1 The "hardware version" machinery (qemu_set_hw_version(), qemu_hw_version(), and the QEMU_HW_VERSION define) is used by fewer than 10 files. Move it out from osdep.h into a new qemu/hw-version.h. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-6-peter.maydell@linaro.org --- include/qemu/hw-version.h | 27 +++++++++++++++++++++++++++ include/qemu/osdep.h | 16 ---------------- hw/arm/nseries.c | 1 + hw/ide/core.c | 1 + hw/scsi/megasas.c | 1 + hw/scsi/scsi-bus.c | 1 + hw/scsi/scsi-disk.c | 1 + softmmu/vl.c | 1 + target/i386/cpu.c | 1 + target/s390x/cpu_models.c | 1 + util/osdep.c | 1 + 11 files changed, 36 insertions(+), 16 deletions(-) create mode 100644 include/qemu/hw-version.h diff --git a/include/qemu/hw-version.h b/include/qemu/hw-version.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/include/qemu/hw-version.h @@ -XXX,XX +XXX,XX @@ +/* + * QEMU "hardware version" machinery + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_HW_VERSION_H +#define QEMU_HW_VERSION_H + +/* + * Starting on QEMU 2.5, qemu_hw_version() returns "2.5+" by default + * instead of QEMU_VERSION, so setting hw_version on MachineClass + * is no longer mandatory. + * + * Do NOT change this string, or it will break compatibility on all + * machine classes that don't set hw_version. + */ +#define QEMU_HW_VERSION "2.5+" + +/* QEMU "hardware version" setting. Used to replace code that exposed + * QEMU_VERSION to guests in the past and need to keep compatibility. + * Do not use qemu_hw_version() in new code. + */ +void qemu_set_hw_version(const char *); +const char *qemu_hw_version(void); + +#endif diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index XXXXXXX..XXXXXXX 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -XXX,XX +XXX,XX @@ static inline void qemu_timersub(const struct timeval *val1, void qemu_set_cloexec(int fd); -/* Starting on QEMU 2.5, qemu_hw_version() returns "2.5+" by default - * instead of QEMU_VERSION, so setting hw_version on MachineClass - * is no longer mandatory. - * - * Do NOT change this string, or it will break compatibility on all - * machine classes that don't set hw_version. - */ -#define QEMU_HW_VERSION "2.5+" - -/* QEMU "hardware version" setting. Used to replace code that exposed - * QEMU_VERSION to guests in the past and need to keep compatibility. - * Do not use qemu_hw_version() in new code. - */ -void qemu_set_hw_version(const char *); -const char *qemu_hw_version(void); - void fips_set_state(bool requested); bool fips_get_state(void); diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/nseries.c +++ b/hw/arm/nseries.c @@ -XXX,XX +XXX,XX @@ #include "chardev/char.h" #include "qemu/cutils.h" #include "qemu/bswap.h" +#include "qemu/hw-version.h" #include "sysemu/reset.h" #include "sysemu/runstate.h" #include "sysemu/sysemu.h" diff --git a/hw/ide/core.c b/hw/ide/core.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -XXX,XX +XXX,XX @@ #include "qemu/error-report.h" #include "qemu/main-loop.h" #include "qemu/timer.h" +#include "qemu/hw-version.h" #include "sysemu/sysemu.h" #include "sysemu/blockdev.h" #include "sysemu/dma.h" diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index XXXXXXX..XXXXXXX 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -XXX,XX +XXX,XX @@ #include "hw/pci/msix.h" #include "qemu/iov.h" #include "qemu/module.h" +#include "qemu/hw-version.h" #include "hw/scsi/scsi.h" #include "scsi/constants.h" #include "trace.h" diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index XXXXXXX..XXXXXXX 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -XXX,XX +XXX,XX @@ #include "qemu/error-report.h" #include "qemu/module.h" #include "qemu/option.h" +#include "qemu/hw-version.h" #include "hw/qdev-properties.h" #include "hw/scsi/scsi.h" #include "migration/qemu-file-types.h" diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index XXXXXXX..XXXXXXX 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -XXX,XX +XXX,XX @@ #include "qemu/error-report.h" #include "qemu/main-loop.h" #include "qemu/module.h" +#include "qemu/hw-version.h" #include "hw/scsi/scsi.h" #include "migration/qemu-file-types.h" #include "migration/vmstate.h" diff --git a/softmmu/vl.c b/softmmu/vl.c index XXXXXXX..XXXXXXX 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -XXX,XX +XXX,XX @@ #include "qemu-version.h" #include "qemu/cutils.h" #include "qemu/help_option.h" +#include "qemu/hw-version.h" #include "qemu/uuid.h" #include "sysemu/reset.h" #include "sysemu/runstate.h" diff --git a/target/i386/cpu.c b/target/i386/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -XXX,XX +XXX,XX @@ #include "qemu/units.h" #include "qemu/cutils.h" #include "qemu/qemu-print.h" +#include "qemu/hw-version.h" #include "cpu.h" #include "tcg/helper-tcg.h" #include "sysemu/reset.h" diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index XXXXXXX..XXXXXXX 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -XXX,XX +XXX,XX @@ #include "qapi/error.h" #include "qapi/visitor.h" #include "qemu/module.h" +#include "qemu/hw-version.h" #include "qemu/qemu-print.h" #ifndef CONFIG_USER_ONLY #include "sysemu/sysemu.h" diff --git a/util/osdep.c b/util/osdep.c index XXXXXXX..XXXXXXX 100644 --- a/util/osdep.c +++ b/util/osdep.c @@ -XXX,XX +XXX,XX @@ extern int madvise(char *, size_t, int); #include "qemu/error-report.h" #include "qemu/madvise.h" #include "qemu/mprotect.h" +#include "qemu/hw-version.h" #include "monitor/monitor.h" static bool fips_enabled = false; -- 2.25.1 From: Akihiko Odaki <akihiko.odaki@gmail.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220213021215.1974-1-akihiko.odaki@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index XXXXXXX..XXXXXXX 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -XXX,XX +XXX,XX @@ F: audio/alsaaudio.c Core Audio framework backend M: Gerd Hoffmann <kraxel@redhat.com> R: Christian Schoenebeck <qemu_oss@crudebyte.com> +R: Akihiko Odaki <akihiko.odaki@gmail.com> S: Odd Fixes F: audio/coreaudio.c @@ -XXX,XX +XXX,XX @@ F: util/drm.c Cocoa graphics M: Peter Maydell <peter.maydell@linaro.org> +R: Akihiko Odaki <akihiko.odaki@gmail.com> S: Odd Fixes F: ui/cocoa.m -- 2.25.1 From: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru> A9 gtimer includes global control field and number of per-cpu fields. But only per-cpu ones are migrated. This patch adds a subsection for global control field migration. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Message-id: 164422345976.2186660.1104517592452494510.stgit@pasha-ThinkPad-X280 Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/timer/a9gtimer.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/hw/timer/a9gtimer.c b/hw/timer/a9gtimer.c index XXXXXXX..XXXXXXX 100644 --- a/hw/timer/a9gtimer.c +++ b/hw/timer/a9gtimer.c @@ -XXX,XX +XXX,XX @@ static void a9_gtimer_realize(DeviceState *dev, Error **errp) } } +static bool vmstate_a9_gtimer_control_needed(void *opaque) +{ + A9GTimerState *s = opaque; + return s->control != 0; +} + static const VMStateDescription vmstate_a9_gtimer_per_cpu = { .name = "arm.cortex-a9-global-timer.percpu", .version_id = 1, @@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_a9_gtimer_per_cpu = { } }; +static const VMStateDescription vmstate_a9_gtimer_control = { + .name = "arm.cortex-a9-global-timer.control", + .version_id = 1, + .minimum_version_id = 1, + .needed = vmstate_a9_gtimer_control_needed, + .fields = (VMStateField[]) { + VMSTATE_UINT32(control, A9GTimerState), + VMSTATE_END_OF_LIST() + } +}; + static const VMStateDescription vmstate_a9_gtimer = { .name = "arm.cortex-a9-global-timer", .version_id = 1, @@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_a9_gtimer = { 1, vmstate_a9_gtimer_per_cpu, A9GTimerPerCPU), VMSTATE_END_OF_LIST() + }, + .subsections = (const VMStateDescription*[]) { + &vmstate_a9_gtimer_control, + NULL } }; -- 2.25.1 From: Patrick Venture <venture@google.com> This is the BMC attached to the OpenBMC Mori board. Signed-off-by: Patrick Venture <venture@google.com> Reviewed-by: Chris Rauer <crauer@google.com> Reviewed-by: Ilkyun Choi <ikchoi@google.com> Message-id: 20220208233104.284425-1-venture@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- docs/system/arm/nuvoton.rst | 1 + hw/arm/npcm7xx_boards.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/docs/system/arm/nuvoton.rst b/docs/system/arm/nuvoton.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/system/arm/nuvoton.rst +++ b/docs/system/arm/nuvoton.rst @@ -XXX,XX +XXX,XX @@ Hyperscale applications. The following machines are based on this chip : - ``quanta-gbs-bmc`` Quanta GBS server BMC - ``quanta-gsj`` Quanta GSJ server BMC - ``kudo-bmc`` Fii USA Kudo server BMC +- ``mori-bmc`` Fii USA Mori server BMC There are also two more SoCs, NPCM710 and NPCM705, which are single-core variants of NPCM750 and NPCM730, respectively. These are currently not diff --git a/hw/arm/npcm7xx_boards.c b/hw/arm/npcm7xx_boards.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/npcm7xx_boards.c +++ b/hw/arm/npcm7xx_boards.c @@ -XXX,XX +XXX,XX @@ #define QUANTA_GSJ_POWER_ON_STRAPS 0x00001fff #define QUANTA_GBS_POWER_ON_STRAPS 0x000017ff #define KUDO_BMC_POWER_ON_STRAPS 0x00001fff +#define MORI_BMC_POWER_ON_STRAPS 0x00001fff static const char npcm7xx_default_bootrom[] = "npcm7xx_bootrom.bin"; @@ -XXX,XX +XXX,XX @@ static void kudo_bmc_init(MachineState *machine) npcm7xx_load_kernel(machine, soc); } +static void mori_bmc_init(MachineState *machine) +{ + NPCM7xxState *soc; + + soc = npcm7xx_create_soc(machine, MORI_BMC_POWER_ON_STRAPS); + npcm7xx_connect_dram(soc, machine->ram); + qdev_realize(DEVICE(soc), NULL, &error_fatal); + + npcm7xx_load_bootrom(machine, soc); + npcm7xx_connect_flash(&soc->fiu[1], 0, "mx66u51235f", + drive_get(IF_MTD, 3, 0)); + + npcm7xx_load_kernel(machine, soc); +} + static void npcm7xx_set_soc_type(NPCM7xxMachineClass *nmc, const char *type) { NPCM7xxClass *sc = NPCM7XX_CLASS(object_class_by_name(type)); @@ -XXX,XX +XXX,XX @@ static void kudo_bmc_machine_class_init(ObjectClass *oc, void *data) mc->default_ram_size = 1 * GiB; }; +static void mori_bmc_machine_class_init(ObjectClass *oc, void *data) +{ + NPCM7xxMachineClass *nmc = NPCM7XX_MACHINE_CLASS(oc); + MachineClass *mc = MACHINE_CLASS(oc); + + npcm7xx_set_soc_type(nmc, TYPE_NPCM730); + + mc->desc = "Mori BMC (Cortex-A9)"; + mc->init = mori_bmc_init; + mc->default_ram_size = 1 * GiB; +} + static const TypeInfo npcm7xx_machine_types[] = { { .name = TYPE_NPCM7XX_MACHINE, @@ -XXX,XX +XXX,XX @@ static const TypeInfo npcm7xx_machine_types[] = { .name = MACHINE_TYPE_NAME("kudo-bmc"), .parent = TYPE_NPCM7XX_MACHINE, .class_init = kudo_bmc_machine_class_init, + }, { + .name = MACHINE_TYPE_NAME("mori-bmc"), + .parent = TYPE_NPCM7XX_MACHINE, + .class_init = mori_bmc_machine_class_init, }, }; -- 2.25.1 From: Philippe Mathieu-Daudé <f4bug@amsat.org> setAllowedFileTypes is deprecated in macOS 12. Per Akihiko Odaki [*]: An image file, which is being chosen by the panel, can be a raw file and have a variety of file extensions and many are not covered by the provided list (e.g. "udf"). Other platforms like GTK can provide an option to open a file with an extension not listed, but Cocoa can't. It forces the user to rename the file to give an extension in the list. Moreover, Cocoa does not tell which extensions are in the list so the user needs to read the source code, which is pretty bad. Since this code is harming the usability rather than improving it, simply remove the [NSSavePanel allowedFileTypes:] call, fixing: [2789/6622] Compiling Objective-C object libcommon.fa.p/ui_cocoa.m.o ui/cocoa.m:1411:16: error: 'setAllowedFileTypes:' is deprecated: first deprecated in macOS 12.0 - Use -allowedContentTypes instead [-Werror,-Wdeprecated-declarations] [openPanel setAllowedFileTypes: supportedImageFileTypes]; ^ /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/AppKit.framework/Headers/NSSavePanel.h:215:49: note: property 'allowedFileTypes' is declared deprecated here @property (nullable, copy) NSArray<NSString *> *allowedFileTypes API_DEPRECATED("Use -allowedContentTypes instead", macos(10.3,12.0)); ^ /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/AppKit.framework/Headers/NSSavePanel.h:215:49: note: 'setAllowedFileTypes:' has been explicitly marked deprecated here FAILED: libcommon.fa.p/ui_cocoa.m.o [*] https://lore.kernel.org/qemu-devel/4dde2e66-63cb-4390-9538-c032310db3e3@gmail.com/ Suggested-by: Akihiko Odaki <akihiko.odaki@gmail.com> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220215080307.69550-11-f4bug@amsat.org Reviewed by: Cameron Esfahani <dirty@apple.com> Reviewed-by: Akihiko Odaki <akihiko.odaki@gmail.com> Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- ui/cocoa.m | 6 ------ 1 file changed, 6 deletions(-) diff --git a/ui/cocoa.m b/ui/cocoa.m index XXXXXXX..XXXXXXX 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -XXX,XX +XXX,XX @@ static int gArgc; static char **gArgv; static bool stretch_video; static NSTextField *pauseLabel; -static NSArray * supportedImageFileTypes; static QemuSemaphore display_init_sem; static QemuSemaphore app_started_sem; @@ -XXX,XX +XXX,XX @@ QemuCocoaView *cocoaView; [pauseLabel setTextColor: [NSColor blackColor]]; [pauseLabel sizeToFit]; - // set the supported image file types that can be opened - supportedImageFileTypes = [NSArray arrayWithObjects: @"img", @"iso", @"dmg", - @"qcow", @"qcow2", @"cloop", @"vmdk", @"cdr", - @"toast", nil]; [self make_about_window]; } return self; @@ -XXX,XX +XXX,XX @@ QemuCocoaView *cocoaView; openPanel = [NSOpenPanel openPanel]; [openPanel setCanChooseFiles: YES]; [openPanel setAllowsMultipleSelection: NO]; - [openPanel setAllowedFileTypes: supportedImageFileTypes]; if([openPanel runModal] == NSModalResponseOK) { NSString * file = [[[openPanel URLs] objectAtIndex: 0] path]; if(file == nil) { -- 2.25.1 From: Akihiko Odaki <akihiko.odaki@gmail.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-id: 20220215080307.69550-13-f4bug@amsat.org Message-Id: <20220213021418.2155-1-akihiko.odaki@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- ui/cocoa.m | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ui/cocoa.m b/ui/cocoa.m index XXXXXXX..XXXXXXX 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -XXX,XX +XXX,XX @@ static void addRemovableDevicesMenuItems(void) currentDevice = qmp_query_block(NULL); pointerToFree = currentDevice; - if(currentDevice == NULL) { - NSBeep(); - QEMU_Alert(@"Failed to query for block devices!"); - return; - } menu = [[[NSApp mainMenu] itemWithTitle:@"Machine"] submenu]; -- 2.25.1 From: Akihiko Odaki <akihiko.odaki@gmail.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220215080307.69550-14-f4bug@amsat.org Message-Id: <20220213021329.2066-1-akihiko.odaki@gmail.com> [PMD: Use g_autofree, suggested by Zoltan BALATON] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- ui/cocoa.m | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ui/cocoa.m b/ui/cocoa.m index XXXXXXX..XXXXXXX 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -XXX,XX +XXX,XX @@ static void create_initial_menus(void) /* Returns a name for a given console */ static NSString * getConsoleName(QemuConsole * console) { - return [NSString stringWithFormat: @"%s", qemu_console_get_label(console)]; + g_autofree char *label = qemu_console_get_label(console); + + return [NSString stringWithUTF8String:label]; } /* Add an entry to the View menu for each console */ -- 2.25.1